last executing test programs: 1m22.972747921s ago: executing program 3 (id=19): r0 = socket$can_bcm(0x1d, 0x2, 0x2) recvmmsg(r0, &(0x7f0000007ec0)=[{{0x0, 0x0, &(0x7f0000003e00)}}], 0x1, 0x161, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000100)=0x9, 0x4) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) r3 = getuid() setsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000002c0)={{{@in=@broadcast, @in=@private=0xa010102, 0x4e23, 0x3, 0x4e22, 0x0, 0xa, 0x20, 0x80, 0x88, 0x0, r3}, {0x5, 0x3, 0x1c, 0x7, 0x6, 0x2f45, 0x778d, 0x9}, {0x5, 0x8, 0x2}, 0x3, 0x6e6bb4, 0x1, 0x0, 0x1, 0x2}, {{@in6=@private0, 0x4d2, 0x32}, 0xa, @in=@broadcast, 0x3501, 0x1, 0x2, 0x38, 0xee8a, 0x81}}, 0xe8) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000200)={'wlan0\x00'}) r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendto$x25(r5, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYRES32=r3], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r6, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0x1}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff48) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000940)={'bridge0\x00', 0x0}) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="300000001c000100000000000000000007000000", @ANYRES32=r8, @ANYBLOB="8038a0e90b22306ef338dd00a6000a00000300aaaaaaaabb0000060005000100798f6446c7c9c31232a530c8c3326b460000"], 0x30}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r10 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r10, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000100)=[{0x30, 0x0, 0x1, 0x80000000}, {0x80000006}]}, 0x10) syz_emit_ethernet(0x22, &(0x7f00000003c0)={@local, @random="35cb814dcab3", @val={@void, {0x8100, 0x1}}, {@can={0xc, {{0x3, 0x1, 0x1, 0x1}, 0x1, 0x3, 0x0, 0x0, "dff181d735220891"}}}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r4) sendmsg$can_bcm(r0, &(0x7f0000000280)={&(0x7f0000000040), 0x10, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="01000000274000000200000000000000", @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="00000000010000000000000000000000c4f40c848d97a447"], 0x48}}, 0x40) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x41071, 0xffffffffffffffff, 0x0) 1m22.205534326s ago: executing program 3 (id=30): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff2f00000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000015000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb4500639100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b055803e25bc00ae0c63c7f9bafe3ba431351a5e1795ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606f3eb5e01b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29dbff36dd015c7bd3f15aa6aadbeab2a01604108e61aa000000000000000000000000f08a798b4f7458d1863cc67c4c6a06e828e5216f601b19db1ad0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f108000000000000006f6151e2b42bcae952390300a2a730a00c87c493dbfa60e63fda97a29682881eb8c9cf74a4207a931a156ad2c46f3c1cde71a19d1a2982612a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28dd6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f6c9129a7c5f8ee5f5057e2eb062ed71a8c73be72a3d817b324d6e417b1c2cbfdcada0600000000000000d588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b9990995000a006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e26032176066599783568628f0309c3afa716d3706e1fa89917e131f4034a8383e9962ead4ecac42c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfbc5652f87b039d5430b3c6643e9146d2478ce31344b554aca78a0000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a3aff6205aa5c263e407a2f7de57f9c4af1e094fa4e3f05528c2a165996efaab5a430c08dd810bc9796f2119e04aeaa71288d9341f11de01753c7532e"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x14) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x1f2f, 0xf, 0x3ce, &(0x7f00000007c0)="9f44948721919580684010a486dd", 0x0, 0x1f9, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece13310aa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x23) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) (async) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x30, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_POLICY={0x8}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_ID={0x8}]}], {0x14, 0x10}}, 0x78}}, 0x0) (async) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000500), 0xffffffffffffffff) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x8, &(0x7f0000000040)=0x40049, 0x4) (async) recvmmsg(r3, &(0x7f0000001700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0)=""/31, 0x1f}}], 0x1, 0x0, 0x0) (async, rerun: 32) setsockopt$SO_TIMESTAMP(r3, 0x1, 0x23, &(0x7f0000000000)=0xffff, 0x4) (async, rerun: 32) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x23, &(0x7f0000000800)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x401}, {}, {}, [@jmp={0x5, 0x0, 0x7, 0x5, 0x2, 0xc, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4683}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc83}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) (async) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) (async) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) (async) setsockopt$inet6_opts(r5, 0x29, 0x40, &(0x7f0000010140)=ANY=[@ANYBLOB="000a0000000000002430000000000a0000000000000002000000000000000000001600000001100000000000000000000000000000000300200000000006000000000000000000000000001b90a860095ea22b3b9f"], 0x60) (async, rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1f, 0x4, &(0x7f0000000a80)=ANY=[@ANYBLOB="1800000000000004000000000000000085000000ab00000095"], &(0x7f0000000ac0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xdc, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async, rerun: 32) r7 = socket$nl_route(0x10, 0x3, 0x0) (async) r8 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, 0x0) (async) sendmsg$nl_route(r7, 0x0, 0x0) (async) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, 0x0, 0x0) r9 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r9, 0x89f1, &(0x7f0000000200)={'ip6tnl0\x00', &(0x7f00000020c0)={'syztnl2\x00', 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, @mcast2, @loopback={0xfec0ffff00000000, 0xffff8881114a4aa8}}}) (async, rerun: 64) ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000180)) (rerun: 64) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0x0}, 0x20000001) (async) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000bc0)={'wpan1\x00'}) 1m5.544174412s ago: executing program 3 (id=30): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff2f00000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000015000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb4500639100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b055803e25bc00ae0c63c7f9bafe3ba431351a5e1795ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606f3eb5e01b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29dbff36dd015c7bd3f15aa6aadbeab2a01604108e61aa000000000000000000000000f08a798b4f7458d1863cc67c4c6a06e828e5216f601b19db1ad0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f108000000000000006f6151e2b42bcae952390300a2a730a00c87c493dbfa60e63fda97a29682881eb8c9cf74a4207a931a156ad2c46f3c1cde71a19d1a2982612a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28dd6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f6c9129a7c5f8ee5f5057e2eb062ed71a8c73be72a3d817b324d6e417b1c2cbfdcada0600000000000000d588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b9990995000a006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e26032176066599783568628f0309c3afa716d3706e1fa89917e131f4034a8383e9962ead4ecac42c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfbc5652f87b039d5430b3c6643e9146d2478ce31344b554aca78a0000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a3aff6205aa5c263e407a2f7de57f9c4af1e094fa4e3f05528c2a165996efaab5a430c08dd810bc9796f2119e04aeaa71288d9341f11de01753c7532e"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x14) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x1f2f, 0xf, 0x3ce, &(0x7f00000007c0)="9f44948721919580684010a486dd", 0x0, 0x1f9, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece13310aa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x23) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) (async) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x30, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_POLICY={0x8}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_ID={0x8}]}], {0x14, 0x10}}, 0x78}}, 0x0) (async) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000500), 0xffffffffffffffff) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x8, &(0x7f0000000040)=0x40049, 0x4) (async) recvmmsg(r3, &(0x7f0000001700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0)=""/31, 0x1f}}], 0x1, 0x0, 0x0) (async, rerun: 32) setsockopt$SO_TIMESTAMP(r3, 0x1, 0x23, &(0x7f0000000000)=0xffff, 0x4) (async, rerun: 32) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x23, &(0x7f0000000800)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x401}, {}, {}, [@jmp={0x5, 0x0, 0x7, 0x5, 0x2, 0xc, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4683}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc83}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) (async) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) (async) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) (async) setsockopt$inet6_opts(r5, 0x29, 0x40, &(0x7f0000010140)=ANY=[@ANYBLOB="000a0000000000002430000000000a0000000000000002000000000000000000001600000001100000000000000000000000000000000300200000000006000000000000000000000000001b90a860095ea22b3b9f"], 0x60) (async, rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1f, 0x4, &(0x7f0000000a80)=ANY=[@ANYBLOB="1800000000000004000000000000000085000000ab00000095"], &(0x7f0000000ac0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xdc, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async, rerun: 32) r7 = socket$nl_route(0x10, 0x3, 0x0) (async) r8 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, 0x0) (async) sendmsg$nl_route(r7, 0x0, 0x0) (async) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, 0x0, 0x0) r9 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r9, 0x89f1, &(0x7f0000000200)={'ip6tnl0\x00', &(0x7f00000020c0)={'syztnl2\x00', 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, @mcast2, @loopback={0xfec0ffff00000000, 0xffff8881114a4aa8}}}) (async, rerun: 64) ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000180)) (rerun: 64) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0x0}, 0x20000001) (async) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000bc0)={'wpan1\x00'}) 36.262148405s ago: executing program 3 (id=30): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff2f00000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000015000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb4500639100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b055803e25bc00ae0c63c7f9bafe3ba431351a5e1795ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606f3eb5e01b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29dbff36dd015c7bd3f15aa6aadbeab2a01604108e61aa000000000000000000000000f08a798b4f7458d1863cc67c4c6a06e828e5216f601b19db1ad0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f108000000000000006f6151e2b42bcae952390300a2a730a00c87c493dbfa60e63fda97a29682881eb8c9cf74a4207a931a156ad2c46f3c1cde71a19d1a2982612a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28dd6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f6c9129a7c5f8ee5f5057e2eb062ed71a8c73be72a3d817b324d6e417b1c2cbfdcada0600000000000000d588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b9990995000a006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e26032176066599783568628f0309c3afa716d3706e1fa89917e131f4034a8383e9962ead4ecac42c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfbc5652f87b039d5430b3c6643e9146d2478ce31344b554aca78a0000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a3aff6205aa5c263e407a2f7de57f9c4af1e094fa4e3f05528c2a165996efaab5a430c08dd810bc9796f2119e04aeaa71288d9341f11de01753c7532e"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x14) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x1f2f, 0xf, 0x3ce, &(0x7f00000007c0)="9f44948721919580684010a486dd", 0x0, 0x1f9, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece13310aa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x23) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) (async) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x30, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_POLICY={0x8}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_ID={0x8}]}], {0x14, 0x10}}, 0x78}}, 0x0) (async) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000500), 0xffffffffffffffff) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x8, &(0x7f0000000040)=0x40049, 0x4) (async) recvmmsg(r3, &(0x7f0000001700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0)=""/31, 0x1f}}], 0x1, 0x0, 0x0) (async, rerun: 32) setsockopt$SO_TIMESTAMP(r3, 0x1, 0x23, &(0x7f0000000000)=0xffff, 0x4) (async, rerun: 32) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x23, &(0x7f0000000800)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x401}, {}, {}, [@jmp={0x5, 0x0, 0x7, 0x5, 0x2, 0xc, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4683}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc83}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) (async) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) (async) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) (async) setsockopt$inet6_opts(r5, 0x29, 0x40, &(0x7f0000010140)=ANY=[@ANYBLOB="000a0000000000002430000000000a0000000000000002000000000000000000001600000001100000000000000000000000000000000300200000000006000000000000000000000000001b90a860095ea22b3b9f"], 0x60) (async, rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1f, 0x4, &(0x7f0000000a80)=ANY=[@ANYBLOB="1800000000000004000000000000000085000000ab00000095"], &(0x7f0000000ac0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xdc, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async, rerun: 32) r7 = socket$nl_route(0x10, 0x3, 0x0) (async) r8 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, 0x0) (async) sendmsg$nl_route(r7, 0x0, 0x0) (async) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, 0x0, 0x0) r9 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r9, 0x89f1, &(0x7f0000000200)={'ip6tnl0\x00', &(0x7f00000020c0)={'syztnl2\x00', 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, @mcast2, @loopback={0xfec0ffff00000000, 0xffff8881114a4aa8}}}) (async, rerun: 64) ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000180)) (rerun: 64) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0x0}, 0x20000001) (async) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000bc0)={'wpan1\x00'}) 20.641345836s ago: executing program 3 (id=30): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff2f00000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000015000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb4500639100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b055803e25bc00ae0c63c7f9bafe3ba431351a5e1795ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606f3eb5e01b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29dbff36dd015c7bd3f15aa6aadbeab2a01604108e61aa000000000000000000000000f08a798b4f7458d1863cc67c4c6a06e828e5216f601b19db1ad0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f108000000000000006f6151e2b42bcae952390300a2a730a00c87c493dbfa60e63fda97a29682881eb8c9cf74a4207a931a156ad2c46f3c1cde71a19d1a2982612a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28dd6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f6c9129a7c5f8ee5f5057e2eb062ed71a8c73be72a3d817b324d6e417b1c2cbfdcada0600000000000000d588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b9990995000a006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e26032176066599783568628f0309c3afa716d3706e1fa89917e131f4034a8383e9962ead4ecac42c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfbc5652f87b039d5430b3c6643e9146d2478ce31344b554aca78a0000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a3aff6205aa5c263e407a2f7de57f9c4af1e094fa4e3f05528c2a165996efaab5a430c08dd810bc9796f2119e04aeaa71288d9341f11de01753c7532e"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x14) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x1f2f, 0xf, 0x3ce, &(0x7f00000007c0)="9f44948721919580684010a486dd", 0x0, 0x1f9, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece13310aa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x23) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) (async) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x30, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_POLICY={0x8}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_ID={0x8}]}], {0x14, 0x10}}, 0x78}}, 0x0) (async) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000500), 0xffffffffffffffff) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x8, &(0x7f0000000040)=0x40049, 0x4) (async) recvmmsg(r3, &(0x7f0000001700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0)=""/31, 0x1f}}], 0x1, 0x0, 0x0) (async, rerun: 32) setsockopt$SO_TIMESTAMP(r3, 0x1, 0x23, &(0x7f0000000000)=0xffff, 0x4) (async, rerun: 32) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x23, &(0x7f0000000800)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x401}, {}, {}, [@jmp={0x5, 0x0, 0x7, 0x5, 0x2, 0xc, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4683}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc83}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) (async) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) (async) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) (async) setsockopt$inet6_opts(r5, 0x29, 0x40, &(0x7f0000010140)=ANY=[@ANYBLOB="000a0000000000002430000000000a0000000000000002000000000000000000001600000001100000000000000000000000000000000300200000000006000000000000000000000000001b90a860095ea22b3b9f"], 0x60) (async, rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1f, 0x4, &(0x7f0000000a80)=ANY=[@ANYBLOB="1800000000000004000000000000000085000000ab00000095"], &(0x7f0000000ac0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xdc, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async, rerun: 32) r7 = socket$nl_route(0x10, 0x3, 0x0) (async) r8 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, 0x0) (async) sendmsg$nl_route(r7, 0x0, 0x0) (async) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, 0x0, 0x0) r9 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r9, 0x89f1, &(0x7f0000000200)={'ip6tnl0\x00', &(0x7f00000020c0)={'syztnl2\x00', 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, @mcast2, @loopback={0xfec0ffff00000000, 0xffff8881114a4aa8}}}) (async, rerun: 64) ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000180)) (rerun: 64) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0x0}, 0x20000001) (async) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000bc0)={'wpan1\x00'}) 9.331946215s ago: executing program 3 (id=30): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff2f00000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000015000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb4500639100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b055803e25bc00ae0c63c7f9bafe3ba431351a5e1795ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606f3eb5e01b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29dbff36dd015c7bd3f15aa6aadbeab2a01604108e61aa000000000000000000000000f08a798b4f7458d1863cc67c4c6a06e828e5216f601b19db1ad0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f108000000000000006f6151e2b42bcae952390300a2a730a00c87c493dbfa60e63fda97a29682881eb8c9cf74a4207a931a156ad2c46f3c1cde71a19d1a2982612a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28dd6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f6c9129a7c5f8ee5f5057e2eb062ed71a8c73be72a3d817b324d6e417b1c2cbfdcada0600000000000000d588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b9990995000a006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e26032176066599783568628f0309c3afa716d3706e1fa89917e131f4034a8383e9962ead4ecac42c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfbc5652f87b039d5430b3c6643e9146d2478ce31344b554aca78a0000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a3aff6205aa5c263e407a2f7de57f9c4af1e094fa4e3f05528c2a165996efaab5a430c08dd810bc9796f2119e04aeaa71288d9341f11de01753c7532e"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x14) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x1f2f, 0xf, 0x3ce, &(0x7f00000007c0)="9f44948721919580684010a486dd", 0x0, 0x1f9, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece13310aa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x23) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) (async) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x30, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_POLICY={0x8}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_ID={0x8}]}], {0x14, 0x10}}, 0x78}}, 0x0) (async) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000500), 0xffffffffffffffff) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x8, &(0x7f0000000040)=0x40049, 0x4) (async) recvmmsg(r3, &(0x7f0000001700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0)=""/31, 0x1f}}], 0x1, 0x0, 0x0) (async, rerun: 32) setsockopt$SO_TIMESTAMP(r3, 0x1, 0x23, &(0x7f0000000000)=0xffff, 0x4) (async, rerun: 32) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x23, &(0x7f0000000800)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x401}, {}, {}, [@jmp={0x5, 0x0, 0x7, 0x5, 0x2, 0xc, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4683}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc83}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) (async) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) (async) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) (async) setsockopt$inet6_opts(r5, 0x29, 0x40, &(0x7f0000010140)=ANY=[@ANYBLOB="000a0000000000002430000000000a0000000000000002000000000000000000001600000001100000000000000000000000000000000300200000000006000000000000000000000000001b90a860095ea22b3b9f"], 0x60) (async, rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1f, 0x4, &(0x7f0000000a80)=ANY=[@ANYBLOB="1800000000000004000000000000000085000000ab00000095"], &(0x7f0000000ac0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xdc, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async, rerun: 32) r7 = socket$nl_route(0x10, 0x3, 0x0) (async) r8 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, 0x0) (async) sendmsg$nl_route(r7, 0x0, 0x0) (async) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, 0x0, 0x0) r9 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r9, 0x89f1, &(0x7f0000000200)={'ip6tnl0\x00', &(0x7f00000020c0)={'syztnl2\x00', 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, @mcast2, @loopback={0xfec0ffff00000000, 0xffff8881114a4aa8}}}) (async, rerun: 64) ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000180)) (rerun: 64) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0x0}, 0x20000001) (async) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000bc0)={'wpan1\x00'}) 1.740634784s ago: executing program 2 (id=721): r0 = socket(0x0, 0x1, 0x0) setsockopt$inet6_IPV6_RTHDR(r0, 0x119, 0x39, 0x0, 0x4) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f848100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x8100) 1.461911057s ago: executing program 2 (id=725): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r4, 0x400448dd, &(0x7f0000000240)={0x0, 0x0, "957008"}) write(r2, &(0x7f0000000340)="41000000010001", 0x7) r5 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r5, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001400add427323b472545b45602117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'ip6_vti0\x00', 0x0, 0x29, 0x77, 0x2, 0x43ceced9, 0x56, @empty, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7, 0x40, 0x81, 0x6}}) sendmsg$nl_route_sched(r5, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=@getqdisc={0x28, 0x26, 0x100, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0x0, 0xffff}, {0xa, 0x3460379a007c859a}, {0xfff0, 0x7}}, [{0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4840) 1.378998303s ago: executing program 1 (id=726): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x3, 0x0, 0x7fff, 0x10, 0x61, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x4}, 0x48) (async) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x1000, @none}, 0xe) sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, 0x0, 0x0) (async) r1 = socket$netlink(0x10, 0x3, 0x400000000000004) sendmsg$IPCTNL_MSG_EXP_NEW(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="68000000000213000b0063616c6c666f7277617264696e6700000800094000000006080004400000000240000140000800054000000101080005400000000208000840000000020e000600736e6d705f74726170000000000000"], 0x68}}, 0x0) (async) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000100)={'ipvlan1\x00', &(0x7f0000000080)=@ethtool_wolinfo={0x7, 0x0, 0x0, "008000e7ff00"}}) (async) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)}], 0x1, 0x0, 0x0, 0x400300}, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00'}, 0x10) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000100000000000000000000008500000087000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000080)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0xe, 0x0, &(0x7f00000003c0)="e097566f5bec64466cf0925782dd", 0x0, 0x8c9, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) write(r4, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) socket$inet_udp(0x2, 0x2, 0x0) (async) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r7, 0x0, r0, 0x0, 0xffffffffffff8000, 0x0) (async, rerun: 32) close(r7) (rerun: 32) syz_genetlink_get_family_id$SEG6(&(0x7f0000000440), r3) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) read(r8, &(0x7f0000000180)=""/68, 0x44) splice(r6, 0x0, 0xffffffffffffffff, 0x0, 0x1100000000f336, 0x2) r9 = socket$inet(0x2, 0x3, 0x9) setsockopt$inet_opts(r9, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) sendto$inet(r9, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x2, 0x0, @empty}, 0x10) (async) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e20, 0x9, @local, 0x6}}, 0x0, 0x0, 0x0, 0x0, "1fa06a710a2d8f8614ac278e33e1fc378fc4893bf68389a4daaf4c91b55d209c8aadf137210e862a5bf9d60922e6b58343404faf7c10451678f45dfdc14d68b43d501bc84c18c2d17c2f0a719e5ff08e"}, 0xd8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) 1.217946265s ago: executing program 2 (id=729): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000010c0)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000002000000000000000000050300000000030000000300000000000004000000000000000147d722ce4e838719"], 0x0, 0x4e}, 0x20) 1.201175801s ago: executing program 0 (id=730): unshare(0x28000600) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'veth0_macvtap\x00'}) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x0, 0x8000, 0x4a9}, 0x1c) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000066c0)=ANY=[@ANYBLOB="200000000e1401000000000000000900080001000000000508003c"], 0x20}}, 0x0) 1.145576793s ago: executing program 2 (id=731): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x409, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_UNICAST_FLOOD={0x5, 0x26}]}}}]}, 0x44}}, 0x0) (fail_nth: 2) 1.044849752s ago: executing program 0 (id=732): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000bc0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000000}}, {{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000001340)=""/4096, 0x1000}, {&(0x7f0000000040)=""/114, 0x72}, {&(0x7f00000001c0)=""/60, 0x3c}, {&(0x7f00000002c0)=""/210, 0xd2}], 0x4}}], 0x2, 0x0, 0x0) 1.044376371s ago: executing program 1 (id=733): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f00000005c0)=0x18, 0x4) sendmsg$netlink(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="280000005f0001"], 0x28}], 0x1}, 0x0) 798.92282ms ago: executing program 0 (id=736): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) socket$inet_sctp(0x2, 0x0, 0x84) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{0x1, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000001c0)=r4}, 0x20) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000001340)=ANY=[@ANYBLOB="9feb01001800040000000000240000002400000009000000000000000000000d0000000002000000000000120000000004000000000000120200000000005f00"], 0x0, 0x42}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0xd, 0x19, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffff8001, 0x0, 0x0, 0x0, 0x6}, [@cb_func={0x18, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0x8}, @ringbuf_query, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x551e}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x1}]}, &(0x7f0000000280)='GPL\x00', 0x5, 0xab, &(0x7f00000006c0)=""/171, 0x41100, 0x40, '\x00', 0x0, 0x24, r7, 0x8, &(0x7f0000000300)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000400)={0x0, 0x3, 0x6, 0x4}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000780)=[0xffffffffffffffff]}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x5, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x40}, [@cb_func={0x18, 0x8, 0x4, 0x0, 0x1}]}, &(0x7f0000000580)='syzkaller\x00', 0xe, 0xc, &(0x7f00000005c0)=""/12, 0x40f00, 0x24, '\x00', r6, 0x25, r7, 0x8, &(0x7f0000000600)={0x7, 0x3}, 0x8, 0x10, &(0x7f0000000640)={0x5, 0x8, 0x47, 0x5}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000680)=[r5, r5, r5, r5, r5], 0x0, 0x10, 0x9}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0xf, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x4}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x9}, @tail_call={{0x18, 0x2, 0x1, 0x0, r5}}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x4}, @map_idx={0x18, 0x4, 0x5, 0x0, 0x10}, @alu={0x4, 0x1, 0x3, 0x7, 0x0, 0x20, 0x1}]}, &(0x7f00000002c0)='syzkaller\x00', 0x401, 0x78, &(0x7f0000000300)=""/120, 0x41100, 0x80, '\x00', r6, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000000400)={0x2, 0xe, 0xc, 0x81}, 0x10, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000440)=[{0x4, 0x4, 0x8, 0x5}, {0x5, 0x4, 0x8, 0xb}, {0x4, 0x5, 0xf, 0xb}], 0x10, 0x2}, 0x90) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x44, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "fe9cf8f14a410000000500"}, @NL80211_ATTR_MAC={0xa, 0x6, @random}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x2a}]}, 0x44}}, 0x0) 680.339801ms ago: executing program 1 (id=738): setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000000)="1c5c47cc3add2aa79d38b9ded4daa4f4", 0x10) r0 = socket(0x10, 0x803, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x8971, &(0x7f0000000000)) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000900)=@newtaction={0x488, 0x30, 0x12f, 0x0, 0x0, {}, [{0x474, 0x1, [@m_police={0x470, 0x1, 0x0, 0x0, {{0xb}, {0x444, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x6, 0x1, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x488}}, 0x0) 631.098856ms ago: executing program 2 (id=739): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0xfeff, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_CREATE_SOCKETS={0x5}, @IFLA_GTP_PDP_HASHSIZE={0x8, 0x3, 0x5}]}}}]}, 0x40}}, 0x0) 630.519755ms ago: executing program 4 (id=740): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x0, 0x5, &(0x7f0000000140)=@framed={{0x18, 0x2}, [@call, @call]}, 0x0}, 0x90) r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000140)=ANY=[@ANYBLOB="e0000001ac1414aa0000008503"], 0x1c) 559.367094ms ago: executing program 0 (id=741): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) socket$inet_udp(0x2, 0x2, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000980)={r0}, 0x4) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x18, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000080007b8af8ff00000000b7080000800000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x1, 0x803, 0x0) pipe(&(0x7f0000000100)) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x58, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r3}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x58}, 0x1, 0x0, 0x0, 0x440d0}, 0x0) 544.45503ms ago: executing program 4 (id=742): bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@bloom_filter={0x1e, 0x5, 0xe079, 0x4, 0x3218, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x1}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(0xffffffffffffffff, 0x84, 0x23, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) close(r1) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="84eaffff0f00000002000000", @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="04001200060011"], 0x84}}, 0x0) 415.881085ms ago: executing program 2 (id=743): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040), 0xc) r1 = socket$qrtr(0x2a, 0x2, 0x0) epoll_create1(0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) getsockopt$nfc_llcp(r3, 0x118, 0x0, 0x0, 0x20000000) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x38, 0x0, &(0x7f0000000b80)="e0b9547ed387dbdec297b9c71ba146e9aac89b6f5becda21cc10dbf39e5dadca038fd03a99a83bcc18df2c4483faea1aa3b5000000000000", 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7f}, 0x5) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000080)=0x4, 0x4) socket$netlink(0x10, 0x3, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x14, 0x0, 0xb01, 0x0, 0x0, {0xd}}, 0x14}}, 0x0) r5 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x140000f0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f90224fc60", 0x8c0}], 0x1, 0x0, 0x0, 0x10}, 0x0) setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000400)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@dev, 0x4e22, 0x101, 0x0, 0x0, 0x0, 0x0, 0x80}, {0x0, 0x0, 0x0, 0x0, 0x640}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x2, 0x1, 0x0, 0x2}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}}, 0x0, @in=@multicast2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, 0xde}}, 0xe8) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000100)={0x0, 0x200, 0x6, 0x1}, 0x14) recvmmsg(r0, &(0x7f0000001080)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc) ioctl$sock_qrtr_SIOCGIFADDR(r0, 0x890c, 0x0) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080)="e7", 0xfffffffffffffd4b}, {&(0x7f00000000c0)="b979727e0f708371f9a75905de9273db02cb2a925981038fc0af0b6d7aca334a8bcb113bbfc4db1588bdf0cb3d31235448524741ca88502751ac1270a597763159e5bf6f1cceb92d0cfcedee615d29d2f00301dc8026c8e16726d5ba0af6bc7be3138d4c1b98c01f065389f55c3810e5f26e9d3e41a30563c8b0e9f6fa898bb4903be6fedecf122b129ad2488439e3f8501dfbd4f4c591538ed802b06684a593c775280e12062cc1044deaf73005249bc36e001d79cc2f479d58a3df9c59c9d195e9ad482a72b093625ce3ab4f7f1ab4a5bbd0087b"}], 0x1) 415.230222ms ago: executing program 4 (id=744): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000feff00000000000000000000000a2c000000060a0b040004000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002580)=ANY=[@ANYBLOB="140000001000010000c80c00000000000000000a20000000080a01010000000000000000020000000900010073797a300000000038000000060a17d50000000000000000020000000900020073797a32000000000900010073797a30000000000c0003400000000000000002"], 0xcdc}}, 0x0) 297.102871ms ago: executing program 4 (id=745): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f00000000c0)=0x9, 0x4) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0_to_hsr\x00', 0x0}) sendto$packet(r0, &(0x7f00000002c0)="0204100020fc80d53d103328", 0x6d, 0x4, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000100), 0x4) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'xfrm0\x00', 0x0}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{0x1, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002540)={0x18, 0x25, &(0x7f00000012c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xff}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}}, @call={0x85, 0x0, 0x0, 0x9a}, @ringbuf_query], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001400)='GPL\x00', 0x40, 0x1000, &(0x7f0000001440)=""/4096, 0x40f00, 0x4, '\x00', r5, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000002440)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000002480)={0x0, 0x1, 0x800, 0x1}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000024c0)=[0x1], &(0x7f0000002500)=[{0x2, 0x5, 0x3, 0x1}], 0x10, 0xbf0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000002680)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000002600), &(0x7f0000002640)}, 0x20) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000026c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x6, '\x00', r5, 0xffffffffffffffff, 0x4, 0x0, 0x2}, 0x48) r10 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000002740)={0xffffffffffffffff, 0x8, 0x18}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000002800)={0x18, 0xd, &(0x7f00000001c0)=@raw=[@cb_func={0x18, 0x0, 0x4, 0x0, 0x7}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ldst={0x0, 0x3, 0x1, 0x0, 0xa, 0x50, 0xffffffffffffffff}, @generic={0x9, 0xc, 0x4, 0x9, 0x9}], &(0x7f0000000140)='GPL\x00', 0xff, 0x1000, &(0x7f0000000280)=""/4096, 0x41000, 0x2, '\x00', r5, 0x5, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001280)={0x3, 0xc, 0xfffffff2, 0x3ff}, 0x10, 0xffffffffffffffff, r7, 0x1, &(0x7f0000002780)=[0x1, r8, r9, r10], &(0x7f00000027c0)=[{0x2, 0x2, 0x4, 0xc}], 0x10, 0x4}, 0x90) r11 = socket$packet(0x11, 0x3, 0x300) r12 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) sendto$packet(r11, &(0x7f0000000180)='`', 0x500, 0x0, &(0x7f0000000240)={0x2f, 0x0, r5, 0x1, 0x0, 0x6, @local}, 0x14) 250.89003ms ago: executing program 1 (id=746): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000040)="03", 0x1) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r2}, 0x10) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_GET_TARGET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x4}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r3) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r3) sendmsg$NL802154_CMD_NEW_INTERFACE(r3, &(0x7f0000000480)={0x0, 0x11, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000eeff120000000a0004007778616e3300000008001500", @ANYRES32=0x0, @ANYBLOB="080001"], 0x30}}, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa) bind$inet6(r1, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r5 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r5, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c) socket$kcm(0x29, 0x7, 0x0) 250.078439ms ago: executing program 4 (id=747): socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) (async) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000940)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x18}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9}, 0x90) bind$xdp(r2, &(0x7f0000000040)={0x2c, 0xe, r3, 0x30, r2}, 0x10) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000b00)=@newlink={0x44, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x54583}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x1}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @local}]}}}]}, 0x44}}, 0x0) sendmmsg$inet(r0, &(0x7f0000000d40)=[{{&(0x7f00000000c0)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @empty}}}], 0x20}}], 0x1, 0x0) (async) sendmmsg$inet(r0, &(0x7f0000000d40)=[{{&(0x7f00000000c0)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @empty}}}], 0x20}}], 0x1, 0x0) 208.927064ms ago: executing program 0 (id=748): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f00000005c0)=0x18, 0x4) sendmsg$netlink(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="280000005f0001"], 0x28}], 0x1}, 0x0) 151.810761ms ago: executing program 4 (id=749): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r4, 0x400448dd, &(0x7f0000000240)={0x0, 0x0, "957008"}) write(r2, &(0x7f0000000340)="41000000010001", 0x7) r5 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r5, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001400add427323b472545b45602117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'ip6_vti0\x00', 0x0, 0x29, 0x77, 0x2, 0x43ceced9, 0x56, @empty, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7, 0x40, 0x81, 0x6}}) sendmsg$nl_route_sched(r5, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=@getqdisc={0x28, 0x26, 0x100, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0x0, 0xffff}, {0xa, 0x3460379a007c859a}, {0xfff0, 0x7}}, [{0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4840) 95.054503ms ago: executing program 1 (id=750): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000240)={0x3, &(0x7f0000000400)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x40}, {0x6}]}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd}, 0x1c}, 0x1, 0x0, 0xfffffffffffffff0}, 0x0) 88.937178ms ago: executing program 0 (id=751): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0xa000000, 0x0, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {r1, 0x0, 0x0, 0x0, {@in6_addr=@private0}}}]}, 0x38}, 0x1, 0xf00}, 0x0) 0s ago: executing program 1 (id=752): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x3, 0x8, 0x1014}, 0x48) bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000000)={r0, 0x0, 0x0}, 0x20) socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000380)=[@in6={0xa, 0x0, 0x0, @remote, 0x9}], 0x1c) setsockopt(r1, 0x0, 0x0, &(0x7f0000000140), 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socket$inet_dccp(0x2, 0x6, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r4}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x64, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001800000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r4, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000900)={0x0, @in={{0x2, 0x4e23, @local}}, 0x101}, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000a00)={r6}, &(0x7f0000000a40)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000002100)) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x7f, 0x0, &(0x7f0000001180)) r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0) socket$igmp(0x2, 0x3, 0x2) ioctl$SIOCGETSGCNT_IN6(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)={@loopback, @mcast2}) listen(0xffffffffffffffff, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0xfffffdc6) connect$rose(r7, &(0x7f0000000200)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1, @null}, 0x1c) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r10 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r11, @ANYBLOB="855a4f1d550aaf650a001800030303032400029e000004005a8000000000e1000000000000000000"], 0x3c}}, 0x0) kernel console output (not intermixed with test programs): e_slave_1: entered promiscuous mode [ 78.517666][ T5107] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.558851][ T5105] team0: Port device team_slave_0 added [ 78.568302][ T5105] team0: Port device team_slave_1 added [ 78.602369][ T5107] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.617960][ T5103] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.638884][ T5116] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.649959][ T5116] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.657252][ T5116] bridge_slave_0: entered allmulticast mode [ 78.665058][ T5116] bridge_slave_0: entered promiscuous mode [ 78.674984][ T5101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.688550][ T5101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.719311][ T5103] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.751284][ T5116] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.758525][ T5116] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.765912][ T5116] bridge_slave_1: entered allmulticast mode [ 78.773397][ T5116] bridge_slave_1: entered promiscuous mode [ 78.819447][ T5105] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.826853][ T5105] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.852896][ T5105] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.871622][ T5105] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.878675][ T5105] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.905365][ T5105] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.944910][ T5107] team0: Port device team_slave_0 added [ 78.953545][ T5107] team0: Port device team_slave_1 added [ 78.963450][ T5103] team0: Port device team_slave_0 added [ 79.008652][ T5101] team0: Port device team_slave_0 added [ 79.030225][ T5103] team0: Port device team_slave_1 added [ 79.061437][ T5116] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.073405][ T5116] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.084902][ T5101] team0: Port device team_slave_1 added [ 79.101460][ T5111] Bluetooth: hci3: command tx timeout [ 79.101526][ T4497] Bluetooth: hci1: command tx timeout [ 79.111794][ T5110] Bluetooth: hci0: command tx timeout [ 79.147648][ T5105] hsr_slave_0: entered promiscuous mode [ 79.154713][ T5105] hsr_slave_1: entered promiscuous mode [ 79.180812][ T5110] Bluetooth: hci2: command tx timeout [ 79.180843][ T4497] Bluetooth: hci4: command tx timeout [ 79.198700][ T5107] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.205960][ T5107] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.232169][ T5107] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.245278][ T5103] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.252470][ T5103] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.280630][ T5103] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.293707][ T5103] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.301198][ T5103] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.327382][ T5103] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.354669][ T5116] team0: Port device team_slave_0 added [ 79.361542][ T5101] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.368597][ T5101] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.394791][ T5101] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.406986][ T5107] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.414230][ T5107] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.440281][ T5107] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.488489][ T5116] team0: Port device team_slave_1 added [ 79.507769][ T5101] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.515052][ T5101] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.541048][ T5101] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.613263][ T5116] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.620260][ T5116] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.646805][ T5116] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.722999][ T5116] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.730136][ T5116] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.756839][ T5116] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.773892][ T5101] hsr_slave_0: entered promiscuous mode [ 79.781413][ T5101] hsr_slave_1: entered promiscuous mode [ 79.787830][ T5101] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.796072][ T5101] Cannot create hsr debugfs directory [ 79.806111][ T5107] hsr_slave_0: entered promiscuous mode [ 79.813412][ T5107] hsr_slave_1: entered promiscuous mode [ 79.819668][ T5107] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.827426][ T5107] Cannot create hsr debugfs directory [ 79.839984][ T5103] hsr_slave_0: entered promiscuous mode [ 79.846797][ T5103] hsr_slave_1: entered promiscuous mode [ 79.853102][ T5103] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.860814][ T5103] Cannot create hsr debugfs directory [ 80.021855][ T5116] hsr_slave_0: entered promiscuous mode [ 80.028263][ T5116] hsr_slave_1: entered promiscuous mode [ 80.035057][ T5116] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.046616][ T5116] Cannot create hsr debugfs directory [ 80.416029][ T5105] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 80.454726][ T5105] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 80.478147][ T5105] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 80.504471][ T5105] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 80.551773][ T5101] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 80.572639][ T5101] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 80.583736][ T5101] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 80.611981][ T5101] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 80.698807][ T5103] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.732208][ T5103] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.743858][ T5103] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.767762][ T5107] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 80.792100][ T5103] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.814269][ T5107] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 80.826444][ T5107] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 80.838933][ T5107] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 80.983393][ T5116] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 80.995873][ T5116] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 81.022964][ T5105] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.043073][ T5116] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 81.059911][ T5116] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 81.089226][ T5105] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.134276][ T5156] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.141852][ T5156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.164877][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.172230][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.181558][ T4497] Bluetooth: hci1: command tx timeout [ 81.187016][ T5110] Bluetooth: hci0: command tx timeout [ 81.190586][ T5111] Bluetooth: hci3: command tx timeout [ 81.262139][ T5111] Bluetooth: hci2: command tx timeout [ 81.262148][ T5110] Bluetooth: hci4: command tx timeout [ 81.300206][ T5101] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.398897][ T5103] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.422840][ T5101] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.479395][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.486659][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.526847][ T5107] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.551575][ T5103] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.569738][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.577099][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.609629][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.616889][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.634571][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.641811][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.679967][ T5116] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.726946][ T5107] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.766417][ T5154] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.773637][ T5154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.815391][ T5116] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.856239][ T5153] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.863565][ T5153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.923708][ T5105] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.949406][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.956638][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.976719][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.983974][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.138828][ T5101] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.370177][ T5116] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 82.427275][ T5116] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 82.474728][ T5105] veth0_vlan: entered promiscuous mode [ 82.585681][ T5105] veth1_vlan: entered promiscuous mode [ 82.671301][ T5101] veth0_vlan: entered promiscuous mode [ 82.744911][ T5107] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.767718][ T5101] veth1_vlan: entered promiscuous mode [ 82.805318][ T5103] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.847091][ T5105] veth0_macvtap: entered promiscuous mode [ 82.887762][ T5105] veth1_macvtap: entered promiscuous mode [ 83.038907][ T5101] veth0_macvtap: entered promiscuous mode [ 83.065006][ T5116] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.109432][ T5105] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.125919][ T5103] veth0_vlan: entered promiscuous mode [ 83.148011][ T5101] veth1_macvtap: entered promiscuous mode [ 83.176158][ T5105] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.193535][ T5103] veth1_vlan: entered promiscuous mode [ 83.239565][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.263017][ T5111] Bluetooth: hci0: command tx timeout [ 83.263021][ T4497] Bluetooth: hci1: command tx timeout [ 83.263121][ T5110] Bluetooth: hci3: command tx timeout [ 83.271384][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.312487][ T5101] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.337458][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.348461][ T5110] Bluetooth: hci4: command tx timeout [ 83.350190][ T5111] Bluetooth: hci2: command tx timeout [ 83.368356][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.379992][ T5101] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.392748][ T5105] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.402956][ T5105] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.412008][ T5105] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.422150][ T5105] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.439040][ T5101] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.448926][ T5101] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.457725][ T5101] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.466488][ T5101] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.543146][ T5103] veth0_macvtap: entered promiscuous mode [ 83.586012][ T5103] veth1_macvtap: entered promiscuous mode [ 83.609585][ T5116] veth0_vlan: entered promiscuous mode [ 83.659680][ T5116] veth1_vlan: entered promiscuous mode [ 83.694860][ T5103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.705967][ T5103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.719205][ T5103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.730115][ T5103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.744181][ T5103] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.825371][ T5103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.837293][ T5103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.850290][ T5103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.860910][ T5103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.873525][ T5103] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.885840][ T5103] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.894780][ T5103] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.904164][ T5103] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.913132][ T5103] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.924844][ T5107] veth0_vlan: entered promiscuous mode [ 83.952890][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.963485][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.968072][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.975492][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.994599][ T5107] veth1_vlan: entered promiscuous mode [ 84.075328][ T5116] veth0_macvtap: entered promiscuous mode [ 84.103578][ T5116] veth1_macvtap: entered promiscuous mode [ 84.117878][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.126642][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.173216][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.184027][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.193927][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.204440][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.214868][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.225486][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.237504][ T5116] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.259371][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.282218][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.337937][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.355495][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.366430][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.385323][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.395551][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.406972][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.419703][ T5116] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.461576][ T2491] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.469461][ T2491] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.483694][ T5107] veth0_macvtap: entered promiscuous mode [ 84.504299][ T5116] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.513767][ T5116] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.523524][ T5116] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.532617][ T5116] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.574234][ T5107] veth1_macvtap: entered promiscuous mode [ 84.674845][ T5107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.705414][ T5107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.725245][ T5107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.737331][ T5107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.759862][ T5107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.773625][ T5107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.784933][ T5107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.795574][ T5107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.808102][ T5107] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.829819][ T2491] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.852200][ T2491] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.891451][ T5107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.914101][ T5107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.938847][ T5107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.961586][ T5107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.987868][ T5107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.012819][ T5107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.039977][ T5107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.059764][ T5107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.080039][ T5107] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.096505][ T5107] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.123188][ T5107] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.141392][ T5107] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.159892][ T5107] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.310903][ T1262] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.318872][ T1262] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.341539][ T5111] Bluetooth: hci0: command tx timeout [ 85.342711][ T4497] Bluetooth: hci1: command tx timeout [ 85.353195][ T5110] Bluetooth: hci3: command tx timeout [ 85.357313][ T5202] FAULT_INJECTION: forcing a failure. [ 85.357313][ T5202] name failslab, interval 1, probability 0, space 0, times 1 [ 85.421483][ T5110] Bluetooth: hci4: command tx timeout [ 85.429585][ T5202] CPU: 0 PID: 5202 Comm: syz.0.10 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 85.439199][ T5202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 85.449308][ T5202] Call Trace: [ 85.452626][ T5202] [ 85.455593][ T5202] dump_stack_lvl+0x241/0x360 [ 85.460340][ T5202] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.465617][ T5202] ? __pfx__printk+0x10/0x10 [ 85.470241][ T5202] ? nft_pernet+0x1ef/0x240 [ 85.474765][ T5202] ? nf_tables_module_autoload_cleanup+0x204/0x230 [ 85.481294][ T5202] should_fail_ex+0x3b0/0x4e0 [ 85.486003][ T5202] ? __alloc_skb+0x1c3/0x440 [ 85.490619][ T5202] should_failslab+0x9/0x20 [ 85.495156][ T5202] kmem_cache_alloc_node_noprof+0x71/0x320 [ 85.501009][ T5202] __alloc_skb+0x1c3/0x440 [ 85.505454][ T5202] ? __pfx___alloc_skb+0x10/0x10 [ 85.510410][ T5202] ? nf_tables_commit+0x8970/0x8a40 [ 85.515624][ T5202] ? netlink_ack_tlv_len+0x6e/0x200 [ 85.520841][ T5202] netlink_ack+0x13f/0xa30 [ 85.525272][ T5202] ? __kasan_kmalloc+0x98/0xb0 [ 85.530039][ T5202] ? nfnetlink_rcv+0x11b8/0x2a90 [ 85.535004][ T5202] ? nfnetlink_rcv+0x1219/0x2a90 [ 85.539957][ T5202] nfnetlink_rcv+0x24fd/0x2a90 [ 85.544762][ T5202] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 85.549939][ T5202] ? netlink_deliver_tap+0x2e/0x1b0 [ 85.555146][ T5202] ? skb_clone+0x240/0x390 [ 85.559574][ T5202] ? __pfx_lock_release+0x10/0x10 [ 85.564632][ T5202] ? netlink_deliver_tap+0x2e/0x1b0 [ 85.569858][ T5202] netlink_unicast+0x7f0/0x990 [ 85.574644][ T5202] ? __pfx_netlink_unicast+0x10/0x10 [ 85.579937][ T5202] ? __virt_addr_valid+0x183/0x530 [ 85.585071][ T5202] ? __check_object_size+0x49c/0x900 [ 85.590368][ T5202] ? bpf_lsm_netlink_send+0x9/0x10 [ 85.595513][ T5202] netlink_sendmsg+0x8e4/0xcb0 [ 85.600300][ T5202] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.605602][ T5202] ? __import_iovec+0x536/0x820 [ 85.610466][ T5202] ? aa_sock_msg_perm+0x91/0x160 [ 85.615432][ T5202] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 85.620734][ T5202] ? security_socket_sendmsg+0x87/0xb0 [ 85.626218][ T5202] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.631514][ T5202] __sock_sendmsg+0x221/0x270 [ 85.636206][ T5202] ____sys_sendmsg+0x525/0x7d0 [ 85.640996][ T5202] ? __pfx_____sys_sendmsg+0x10/0x10 [ 85.646310][ T5202] __sys_sendmsg+0x2b0/0x3a0 [ 85.650915][ T5202] ? __pfx___sys_sendmsg+0x10/0x10 [ 85.656043][ T5202] ? vfs_write+0x7c4/0xc90 [ 85.660504][ T5202] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 85.666869][ T5202] ? do_syscall_64+0x100/0x230 [ 85.671652][ T5202] ? do_syscall_64+0xb6/0x230 [ 85.676341][ T5202] do_syscall_64+0xf3/0x230 [ 85.680872][ T5202] ? clear_bhb_loop+0x35/0x90 [ 85.685577][ T5202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.691499][ T5202] RIP: 0033:0x7fd207375b59 [ 85.695924][ T5202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.715546][ T5202] RSP: 002b:00007fd2080ca048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.723989][ T5202] RAX: ffffffffffffffda RBX: 00007fd207505f60 RCX: 00007fd207375b59 [ 85.731988][ T5202] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 85.739974][ T5202] RBP: 00007fd2080ca0a0 R08: 0000000000000000 R09: 0000000000000000 [ 85.747973][ T5202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 85.755957][ T5202] R13: 000000000000000b R14: 00007fd207505f60 R15: 00007fffd6b51518 [ 85.763955][ T5202] [ 85.782223][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.790596][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.802152][ T5110] Bluetooth: hci2: command tx timeout [ 85.820049][ T5201] netlink: 'syz.2.9': attribute type 6 has an invalid length. [ 85.866023][ T5201] netlink: 'syz.2.9': attribute type 2 has an invalid length. [ 86.026535][ T5210] Driver unsupported XDP return value 0 on prog (id 4) dev N/A, expect packet loss! [ 86.070418][ T5210] Zero length message leads to an empty skb [ 86.093863][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.126241][ T5210] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 86.142122][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.206608][ T5214] netlink: 4 bytes leftover after parsing attributes in process `syz.2.13'. [ 86.242557][ T5214] netlink: 4 bytes leftover after parsing attributes in process `syz.2.13'. [ 86.253955][ T5214] bridge_slave_1: left allmulticast mode [ 86.271323][ T5214] bridge_slave_1: left promiscuous mode [ 86.281676][ T5214] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.337103][ T5214] bridge_slave_0: left allmulticast mode [ 86.354920][ T5214] bridge_slave_0: left promiscuous mode [ 86.370134][ T5214] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.377301][ T5219] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14'. [ 86.565578][ T5153] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.604690][ T1262] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.633483][ T1262] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.899068][ T5231] netlink: 'syz.0.21': attribute type 21 has an invalid length. [ 86.925956][ T5231] netlink: 156 bytes leftover after parsing attributes in process `syz.0.21'. [ 87.106408][ T1153] cfg80211: failed to load regulatory.db [ 87.137160][ T5233] syz.4.5 uses obsolete (PF_INET,SOCK_PACKET) [ 88.167711][ T2491] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.241396][ T5257] netlink: 224 bytes leftover after parsing attributes in process `syz.1.32'. [ 89.016886][ T5268] netlink: 4 bytes leftover after parsing attributes in process `syz.0.36'. [ 89.727025][ T4497] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.743701][ T4497] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.751745][ T4497] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.769083][ T4497] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 89.778196][ T4497] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 89.785962][ T4497] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 89.822230][ T2491] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.018333][ T2491] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.068666][ T5293] netlink: 12 bytes leftover after parsing attributes in process `syz.1.43'. [ 90.099191][ T5293] vlan2: entered promiscuous mode [ 90.214076][ T2491] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.267012][ T5305] warning: `syz.0.48' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 90.401390][ T5310] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 90.407940][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802edcd400: rx timeout, send abort [ 90.423206][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88802edcd400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 90.438306][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88802edcd000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 90.593021][ T2491] bridge_slave_1: left allmulticast mode [ 90.607142][ T2491] bridge_slave_1: left promiscuous mode [ 90.618945][ T2491] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.668231][ T2491] bridge_slave_0: left allmulticast mode [ 90.676949][ T2491] bridge_slave_0: left promiscuous mode [ 90.691997][ T2491] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.144509][ T5316] netlink: 16 bytes leftover after parsing attributes in process `syz.0.50'. [ 91.248933][ T5321] netlink: 8 bytes leftover after parsing attributes in process `syz.0.50'. [ 91.316479][ T2491] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 91.341225][ T2491] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 91.364862][ T2491] bond0 (unregistering): Released all slaves [ 91.814444][ T5281] chnl_net:caif_netlink_parms(): no params data found [ 91.827672][ T4497] Bluetooth: hci4: command tx timeout [ 92.098890][ T5346] netlink: 44 bytes leftover after parsing attributes in process `syz.4.59'. [ 92.305027][ T5362] netlink: 104 bytes leftover after parsing attributes in process `syz.4.63'. [ 92.330146][ T5358] ipt_ECN: cannot use operation on non-tcp rule [ 92.643597][ T2491] hsr_slave_0: left promiscuous mode [ 92.679709][ T2491] hsr_slave_1: left promiscuous mode [ 92.689876][ T2491] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 92.717332][ T2491] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 92.736080][ T2491] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 92.744068][ T2491] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 92.763588][ T2491] veth1_macvtap: left promiscuous mode [ 92.772275][ T2491] veth0_macvtap: left promiscuous mode [ 92.778539][ T2491] veth1_vlan: left promiscuous mode [ 92.786230][ T2491] veth0_vlan: left promiscuous mode [ 93.269064][ T2491] team0 (unregistering): Port device team_slave_1 removed [ 93.310916][ T2491] team0 (unregistering): Port device team_slave_0 removed [ 93.681804][ T5376] netlink: 'syz.2.66': attribute type 10 has an invalid length. [ 93.709564][ T5376] team0: Port device netdevsim0 added [ 93.768917][ T5380] netlink: 'syz.2.66': attribute type 10 has an invalid length. [ 93.799566][ T5383] dccp_invalid_packet: P.Data Offset(0) too small [ 93.818079][ T5380] team0: Port device netdevsim0 removed [ 93.833861][ T5380] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 93.900746][ T4497] Bluetooth: hci4: command tx timeout [ 94.118481][ T5281] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.146691][ T5281] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.167082][ T5281] bridge_slave_0: entered allmulticast mode [ 94.191681][ T5281] bridge_slave_0: entered promiscuous mode [ 94.219123][ T5281] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.238728][ T5281] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.255876][ T5281] bridge_slave_1: entered allmulticast mode [ 94.281117][ T5281] bridge_slave_1: entered promiscuous mode [ 94.449946][ T5401] netlink: 104 bytes leftover after parsing attributes in process `syz.2.74'. [ 94.579831][ T5407] netlink: 104 bytes leftover after parsing attributes in process `syz.2.76'. [ 94.668969][ T5281] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.733152][ T5281] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.994374][ T5281] team0: Port device team_slave_0 added [ 95.107560][ T5281] team0: Port device team_slave_1 added [ 95.245569][ T5432] dccp_invalid_packet: P.Data Offset(0) too small [ 95.334536][ T5281] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.346990][ T5281] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.411754][ T5281] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.473307][ T5437] netlink: 4 bytes leftover after parsing attributes in process `syz.0.84'. [ 95.505644][ T5441] netlink: 12 bytes leftover after parsing attributes in process `syz.0.84'. [ 95.539335][ T5281] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.580587][ T5281] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.663155][ T5281] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.789718][ T5281] hsr_slave_0: entered promiscuous mode [ 95.828990][ T5281] hsr_slave_1: entered promiscuous mode [ 95.854807][ T5281] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 95.860951][ T5457] netlink: set zone limit has 8 unknown bytes [ 95.876186][ T5281] Cannot create hsr debugfs directory [ 95.980641][ T4497] Bluetooth: hci4: command tx timeout [ 96.097075][ T5457] netlink: 'syz.1.91': attribute type 1 has an invalid length. [ 96.399594][ T5484] dccp_invalid_packet: P.Data Offset(0) too small [ 96.842482][ T5501] FAULT_INJECTION: forcing a failure. [ 96.842482][ T5501] name failslab, interval 1, probability 0, space 0, times 0 [ 96.892564][ T5501] CPU: 1 PID: 5501 Comm: syz.2.104 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 96.902270][ T5501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 96.912363][ T5501] Call Trace: [ 96.915677][ T5501] [ 96.918640][ T5501] dump_stack_lvl+0x241/0x360 [ 96.923370][ T5501] ? __pfx_dump_stack_lvl+0x10/0x10 [ 96.928624][ T5501] ? __pfx__printk+0x10/0x10 [ 96.933265][ T5501] ? ref_tracker_alloc+0x332/0x490 [ 96.938427][ T5501] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 96.943946][ T5501] should_fail_ex+0x3b0/0x4e0 [ 96.948674][ T5501] ? skb_clone+0x20c/0x390 [ 96.953129][ T5501] should_failslab+0x9/0x20 [ 96.957679][ T5501] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 96.963094][ T5501] skb_clone+0x20c/0x390 [ 96.967359][ T5501] __netlink_deliver_tap+0x3cc/0x7c0 [ 96.972676][ T5501] ? netlink_deliver_tap+0x2e/0x1b0 [ 96.977890][ T5501] netlink_deliver_tap+0x19d/0x1b0 [ 96.983016][ T5501] __netlink_sendskb+0x60/0xd0 [ 96.987793][ T5501] netlink_dump+0x97d/0xd80 [ 96.992322][ T5501] ? __pfx_netlink_dump+0x10/0x10 [ 96.997369][ T5501] ? __asan_memset+0x23/0x50 [ 97.001977][ T5501] ? genl_start+0x4a8/0x6d0 [ 97.006495][ T5501] __netlink_dump_start+0x59f/0x780 [ 97.011718][ T5501] genl_rcv_msg+0x88c/0xec0 [ 97.016227][ T5501] ? mark_lock+0x9a/0x350 [ 97.020591][ T5501] ? __pfx_genl_rcv_msg+0x10/0x10 [ 97.025639][ T5501] ? __pfx_genl_start+0x10/0x10 [ 97.030496][ T5501] ? __pfx_genl_dumpit+0x10/0x10 [ 97.035454][ T5501] ? __pfx_genl_done+0x10/0x10 [ 97.040238][ T5501] ? __pfx_lock_acquire+0x10/0x10 [ 97.045271][ T5501] ? __pfx_batadv_hardif_neigh_dump+0x10/0x10 [ 97.051353][ T5501] ? __pfx___might_resched+0x10/0x10 [ 97.056668][ T5501] netlink_rcv_skb+0x1e3/0x430 [ 97.061444][ T5501] ? __pfx_genl_rcv_msg+0x10/0x10 [ 97.066495][ T5501] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 97.071821][ T5501] ? __netlink_deliver_tap+0x77e/0x7c0 [ 97.077306][ T5501] genl_rcv+0x28/0x40 [ 97.081301][ T5501] netlink_unicast+0x7f0/0x990 [ 97.086080][ T5501] ? __pfx_netlink_unicast+0x10/0x10 [ 97.091371][ T5501] ? __virt_addr_valid+0x183/0x530 [ 97.096501][ T5501] ? __check_object_size+0x49c/0x900 [ 97.101796][ T5501] ? bpf_lsm_netlink_send+0x9/0x10 [ 97.106920][ T5501] netlink_sendmsg+0x8e4/0xcb0 [ 97.111709][ T5501] ? __pfx_netlink_sendmsg+0x10/0x10 [ 97.117006][ T5501] ? __import_iovec+0x536/0x820 [ 97.121876][ T5501] ? aa_sock_msg_perm+0x91/0x160 [ 97.126842][ T5501] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 97.132140][ T5501] ? security_socket_sendmsg+0x87/0xb0 [ 97.137625][ T5501] ? __pfx_netlink_sendmsg+0x10/0x10 [ 97.142920][ T5501] __sock_sendmsg+0x221/0x270 [ 97.147612][ T5501] ____sys_sendmsg+0x525/0x7d0 [ 97.152400][ T5501] ? __pfx_____sys_sendmsg+0x10/0x10 [ 97.157714][ T5501] __sys_sendmsg+0x2b0/0x3a0 [ 97.162312][ T5501] ? __pfx___sys_sendmsg+0x10/0x10 [ 97.167439][ T5501] ? vfs_write+0x7c4/0xc90 [ 97.171901][ T5501] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 97.178268][ T5501] ? do_syscall_64+0x100/0x230 [ 97.183078][ T5501] ? do_syscall_64+0xb6/0x230 [ 97.187780][ T5501] do_syscall_64+0xf3/0x230 [ 97.192312][ T5501] ? clear_bhb_loop+0x35/0x90 [ 97.197007][ T5501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.202916][ T5501] RIP: 0033:0x7f1962375b59 [ 97.207340][ T5501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.226958][ T5501] RSP: 002b:00007f196316b048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 97.235384][ T5501] RAX: ffffffffffffffda RBX: 00007f1962505f60 RCX: 00007f1962375b59 [ 97.243365][ T5501] RDX: 0000000000000000 RSI: 0000000020004340 RDI: 0000000000000004 [ 97.251354][ T5501] RBP: 00007f196316b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 97.259355][ T5501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 97.267361][ T5501] R13: 000000000000000b R14: 00007f1962505f60 R15: 00007ffe51432e78 [ 97.275367][ T5501] [ 97.756834][ T5528] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 97.838139][ T5530] netlink: 156 bytes leftover after parsing attributes in process `syz.2.110'. [ 97.853618][ T1153] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 97.880848][ T5530] netlink: 'syz.2.110': attribute type 2 has an invalid length. [ 97.895025][ T1153] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 97.920998][ T5530] netlink: 60 bytes leftover after parsing attributes in process `syz.2.110'. [ 98.007445][ T5538] xt_CT: You must specify a L4 protocol and not use inversions on it [ 98.054827][ T140] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 98.055124][ T5540] dccp_invalid_packet: P.Data Offset(0) too small [ 98.063251][ T4497] Bluetooth: hci4: command tx timeout [ 98.092116][ T5528] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 98.107956][ T140] wlan1: authenticated [ 98.130962][ T140] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 98.229714][ T5538] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 98.271261][ T35] wlan1: associate with 08:02:11:00:00:00 (try 2/3) [ 98.400443][ T35] wlan1: associate with 08:02:11:00:00:00 (try 3/3) [ 98.515073][ T11] wlan1: association with 08:02:11:00:00:00 timed out [ 98.567359][ T5281] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 98.625242][ T5281] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 98.676225][ T5281] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 98.717850][ T5281] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 99.489256][ T5590] netlink: 28 bytes leftover after parsing attributes in process `syz.4.129'. [ 99.543632][ T5590] netlink: 28 bytes leftover after parsing attributes in process `syz.4.129'. [ 99.600630][ T5590] macvlan0: entered promiscuous mode [ 99.623264][ T5590] batadv_slave_0: entered promiscuous mode [ 99.657336][ T5281] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.813716][ T5281] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.992745][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.999989][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.030769][ T5613] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 100.069788][ T1153] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.077074][ T1153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.149030][ T5606] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 101.179393][ T5281] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.427360][ T5281] veth0_vlan: entered promiscuous mode [ 101.489148][ T5281] veth1_vlan: entered promiscuous mode [ 101.575547][ T5281] veth0_macvtap: entered promiscuous mode [ 101.639202][ T5281] veth1_macvtap: entered promiscuous mode [ 101.744727][ T5281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.783576][ T5281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.833622][ T5281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.866168][ T5281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.907733][ T5281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.933145][ T5281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.960239][ T5281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.977812][ T5281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.988514][ T5692] xt_connbytes: Forcing CT accounting to be enabled [ 101.998601][ T5692] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 102.014215][ T5281] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.022737][ T5692] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 102.055678][ T5682] netlink: 'syz.2.150': attribute type 29 has an invalid length. [ 102.086697][ T5281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.106929][ T5695] netlink: 4 bytes leftover after parsing attributes in process `syz.2.150'. [ 102.155559][ T5281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.163338][ T5701] netlink: 'syz.4.155': attribute type 1 has an invalid length. [ 102.210566][ T5281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.250617][ T5281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.291487][ T5281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.334785][ T5281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.358113][ T5281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.369079][ T5714] dccp_invalid_packet: P.Data Offset(0) too small [ 102.373470][ T5281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.389376][ T5281] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.413418][ T5687] netlink: 'syz.2.150': attribute type 29 has an invalid length. [ 102.430263][ T5708] netlink: 8 bytes leftover after parsing attributes in process `syz.4.155'. [ 102.467376][ T5707] bridge0: port 3(macvlan0) entered blocking state [ 102.481208][ T5707] bridge0: port 3(macvlan0) entered disabled state [ 102.492277][ T5707] macvlan0: entered allmulticast mode [ 102.499131][ T5707] veth1_vlan: entered allmulticast mode [ 102.510653][ T5707] macvlan0: entered promiscuous mode [ 102.518027][ T5707] bridge0: port 3(macvlan0) entered blocking state [ 102.525136][ T5707] bridge0: port 3(macvlan0) entered forwarding state [ 102.579682][ T5281] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.610462][ T5281] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.660673][ T5281] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.683895][ T5281] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.944495][ C0] eth0: bad gso: type: 1, size: 1408 [ 103.124825][ T2491] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.159739][ T2491] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.475336][ T5744] syzkaller0: entered promiscuous mode [ 103.490916][ T5744] syzkaller0: entered allmulticast mode [ 103.512512][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.516036][ T1282] syzkaller0: tun_net_xmit 48 [ 103.542052][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.149169][ T5777] dccp_invalid_packet: P.Data Offset(0) too small [ 105.001519][ T5110] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 105.015857][ T5110] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 105.031074][ T5110] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 105.058522][ T5110] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 105.078568][ T5110] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 105.086199][ T5110] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 105.897178][ T5779] netlink: 48 bytes leftover after parsing attributes in process `syz.2.173'. [ 106.106473][ T2491] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.203142][ T5820] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 106.250650][ T5816] netlink: 'syz.1.180': attribute type 29 has an invalid length. [ 106.278041][ T5821] netlink: 'syz.1.180': attribute type 29 has an invalid length. [ 106.316466][ T5823] FAULT_INJECTION: forcing a failure. [ 106.316466][ T5823] name failslab, interval 1, probability 0, space 0, times 0 [ 106.342765][ T5811] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 106.359772][ T5823] CPU: 1 PID: 5823 Comm: syz.0.182 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 106.369481][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 106.379579][ T5823] Call Trace: [ 106.382894][ T5823] [ 106.385865][ T5823] dump_stack_lvl+0x241/0x360 [ 106.390597][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.395854][ T5823] ? __pfx__printk+0x10/0x10 [ 106.400491][ T5823] ? nf_ct_pernet+0x45/0x270 [ 106.405124][ T5823] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 106.411154][ T5823] ? __pfx_lock_release+0x10/0x10 [ 106.416230][ T5823] should_fail_ex+0x3b0/0x4e0 [ 106.420993][ T5823] ? __nf_conntrack_alloc+0x8f/0x380 [ 106.426318][ T5823] should_failslab+0x9/0x20 [ 106.430860][ T5823] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 106.436285][ T5823] __nf_conntrack_alloc+0x8f/0x380 [ 106.441450][ T5823] init_conntrack+0x3c3/0x1310 [ 106.446326][ T5823] ? __pfx_init_conntrack+0x10/0x10 [ 106.451567][ T5823] ? __pfx___nf_conntrack_find_get+0x10/0x10 [ 106.457574][ T5823] ? __local_bh_enable_ip+0x168/0x200 [ 106.462993][ T5823] nf_conntrack_in+0xd59/0x1880 [ 106.467903][ T5823] ? __pfx_nf_conntrack_in+0x10/0x10 [ 106.473230][ T5823] ? __pfx_ipv6_conntrack_local+0x10/0x10 [ 106.478963][ T5823] nf_hook_slow+0xc3/0x220 [ 106.483386][ T5823] ? __pfx_dst_output+0x10/0x10 [ 106.488256][ T5823] nf_hook+0x2c4/0x450 [ 106.492347][ T5823] ? nf_hook+0x9e/0x450 [ 106.496516][ T5823] ? __pfx_nf_hook+0x10/0x10 [ 106.501119][ T5823] ? __pfx_dst_output+0x10/0x10 [ 106.505987][ T5823] ip6_xmit+0xed4/0x17f0 [ 106.510237][ T5823] ? __pfx_dst_output+0x10/0x10 [ 106.515116][ T5823] ? __pfx_ip6_xmit+0x10/0x10 [ 106.519801][ T5823] ? inet6_csk_route_socket+0x625/0xe30 [ 106.525359][ T5823] ? kasan_quarantine_put+0xdc/0x230 [ 106.530658][ T5823] ? inet6_csk_route_socket+0x402/0xe30 [ 106.536227][ T5823] inet6_csk_xmit+0x468/0x710 [ 106.540934][ T5823] ? inet6_csk_xmit+0x1be/0x710 [ 106.545797][ T5823] ? __pfx_inet6_csk_xmit+0x10/0x10 [ 106.551022][ T5823] ? __pfx_inet6_csk_xmit+0x10/0x10 [ 106.556231][ T5823] __tcp_transmit_skb+0x1ed1/0x3b30 [ 106.561466][ T5823] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 106.567062][ T5823] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 106.573676][ T5823] ? tcp_send_window_probe+0x26d/0x470 [ 106.579146][ T5823] do_tcp_setsockopt+0x1a64/0x2540 [ 106.584281][ T5823] ? __pfx_do_tcp_setsockopt+0x10/0x10 [ 106.589768][ T5823] ? __pfx_aa_sk_perm+0x10/0x10 [ 106.594649][ T5823] ? __pfx_lock_acquire+0x10/0x10 [ 106.599686][ T5823] ? aa_sock_opt_perm+0x79/0x120 [ 106.604635][ T5823] ? tcp_setsockopt+0x3e/0xf0 [ 106.609330][ T5823] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 106.615261][ T5823] do_sock_setsockopt+0x3af/0x720 [ 106.620313][ T5823] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 106.625874][ T5823] ? __fget_files+0x29/0x470 [ 106.630478][ T5823] ? __fget_files+0x3f6/0x470 [ 106.635178][ T5823] __sys_setsockopt+0x1ae/0x250 [ 106.640051][ T5823] __x64_sys_setsockopt+0xb5/0xd0 [ 106.645094][ T5823] do_syscall_64+0xf3/0x230 [ 106.649611][ T5823] ? clear_bhb_loop+0x35/0x90 [ 106.654302][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.660220][ T5823] RIP: 0033:0x7fd207375b59 [ 106.664651][ T5823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.684287][ T5823] RSP: 002b:00007fd2080ca048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 106.692723][ T5823] RAX: ffffffffffffffda RBX: 00007fd207505f60 RCX: 00007fd207375b59 [ 106.700737][ T5823] RDX: 0000000000000013 RSI: 0000000000000006 RDI: 0000000000000003 [ 106.708727][ T5823] RBP: 00007fd2080ca0a0 R08: 0000000000000004 R09: 0000000000000000 [ 106.716716][ T5823] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.724717][ T5823] R13: 000000000000000b R14: 00007fd207505f60 R15: 00007fffd6b51518 [ 106.732731][ T5823] [ 107.173707][ T2491] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.181123][ T4497] Bluetooth: hci4: command tx timeout [ 107.275070][ T5821] netlink: 4 bytes leftover after parsing attributes in process `syz.1.180'. [ 107.299300][ T5831] macsec1: entered promiscuous mode [ 107.323897][ T5834] netlink: 4 bytes leftover after parsing attributes in process `syz.2.186'. [ 107.484311][ T2491] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.673587][ T2491] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.817871][ T29] audit: type=1107 audit(1721461585.908:2): pid=5852 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 109.261361][ T4497] Bluetooth: hci4: command tx timeout [ 110.325515][ T5891] syzkaller0: entered promiscuous mode [ 110.331783][ T5891] syzkaller0: entered allmulticast mode [ 110.495364][ T5923] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 111.342059][ T4497] Bluetooth: hci4: command tx timeout [ 112.103437][ T5805] chnl_net:caif_netlink_parms(): no params data found [ 112.116167][ T2491] bridge_slave_1: left allmulticast mode [ 112.122729][ T2491] bridge_slave_1: left promiscuous mode [ 112.128558][ T2491] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.139080][ T2491] bridge_slave_0: left allmulticast mode [ 112.146614][ T2491] bridge_slave_0: left promiscuous mode [ 112.153444][ T2491] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.550775][ T2491] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 112.566155][ T2491] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 112.577770][ T2491] bond0 (unregistering): Released all slaves [ 113.009603][ T5962] netlink: 40 bytes leftover after parsing attributes in process `syz.2.235'. [ 113.039538][ T5966] netlink: 36 bytes leftover after parsing attributes in process `syz.1.237'. [ 113.200795][ T5974] netlink: 12 bytes leftover after parsing attributes in process `syz.4.239'. [ 113.421006][ T4497] Bluetooth: hci4: command tx timeout [ 113.446019][ T5974] netlink: 8 bytes leftover after parsing attributes in process `syz.4.239'. [ 113.668945][ T5981] pim6reg1: entered promiscuous mode [ 113.690695][ T5981] pim6reg1: entered allmulticast mode [ 113.788183][ C0] eth0: bad gso: type: 1, size: 1408 [ 113.798150][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.841935][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.862543][ T6003] netlink: 24 bytes leftover after parsing attributes in process `syz.1.244'. [ 113.883895][ T5805] bridge_slave_0: entered allmulticast mode [ 113.921886][ T5805] bridge_slave_0: entered promiscuous mode [ 113.951125][ T6007] netlink: 20 bytes leftover after parsing attributes in process `syz.4.245'. [ 114.018128][ T2491] hsr_slave_0: left promiscuous mode [ 114.039728][ T2491] hsr_slave_1: left promiscuous mode [ 114.050082][ T2491] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 114.070593][ T2491] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 114.112784][ T2491] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 114.150720][ T2491] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 114.230197][ T2491] veth1_macvtap: left promiscuous mode [ 114.254239][ T2491] veth0_macvtap: left promiscuous mode [ 114.259973][ T2491] veth1_vlan: left promiscuous mode [ 114.276926][ T2491] veth0_vlan: left promiscuous mode [ 114.829405][ T2491] team0 (unregistering): Port device team_slave_1 removed [ 114.868924][ T2491] team0 (unregistering): Port device team_slave_0 removed [ 115.221816][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.229041][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.236520][ T5805] bridge_slave_1: entered allmulticast mode [ 115.244141][ T5805] bridge_slave_1: entered promiscuous mode [ 115.470040][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 115.515791][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 115.773771][ T5805] team0: Port device team_slave_0 added [ 115.806827][ T5805] team0: Port device team_slave_1 added [ 115.910234][ T6046] netlink: 20 bytes leftover after parsing attributes in process `syz.4.255'. [ 115.967518][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 115.985287][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.077619][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 116.172107][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 116.199662][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.281770][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 116.618614][ T5805] hsr_slave_0: entered promiscuous mode [ 116.658774][ T6087] Bluetooth: MGMT ver 1.23 [ 116.667414][ T5805] hsr_slave_1: entered promiscuous mode [ 116.691814][ T5805] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 116.699442][ T5805] Cannot create hsr debugfs directory [ 116.943277][ T6100] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 117.021599][ T6100] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.268'. [ 117.721370][ T6121] netlink: 20 bytes leftover after parsing attributes in process `syz.1.275'. [ 117.775918][ T6121] vlan2: entered promiscuous mode [ 117.787045][ T6121] vlan2: entered allmulticast mode [ 118.067469][ T5103] cgroup: fork rejected by pids controller in /syz1 [ 118.151948][ T6141] netlink: 8 bytes leftover after parsing attributes in process `syz.0.282'. [ 118.180672][ T6141] netlink: 8 bytes leftover after parsing attributes in process `syz.0.282'. [ 118.355922][ T6150] netlink: 12 bytes leftover after parsing attributes in process `syz.4.284'. [ 118.370096][ T5805] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 118.422801][ T5805] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 118.437832][ T5805] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 118.508342][ T5805] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 118.674820][ T1282] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.775784][ T6158] dummy0: entered promiscuous mode [ 118.812413][ T6158] dummy0: left promiscuous mode [ 118.954353][ T1282] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.204141][ T1282] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.229065][ T6173] netlink: 40 bytes leftover after parsing attributes in process `syz.2.293'. [ 119.295780][ T6172] netlink: 20 bytes leftover after parsing attributes in process `syz.4.292'. [ 119.352579][ T6172] vlan2: entered promiscuous mode [ 119.375708][ T6172] vlan2: entered allmulticast mode [ 119.439695][ T1282] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.562584][ T5110] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 119.584873][ T5110] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 119.600228][ T5110] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 119.610286][ T5110] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 119.616080][ T5107] cgroup: fork rejected by pids controller in /syz4 [ 119.650773][ T5110] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 119.658958][ T5110] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 119.796849][ T6191] netlink: 'syz.0.299': attribute type 9 has an invalid length. [ 119.846984][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.048920][ T6202] FAULT_INJECTION: forcing a failure. [ 120.048920][ T6202] name failslab, interval 1, probability 0, space 0, times 0 [ 120.098610][ T6202] CPU: 0 PID: 6202 Comm: syz.2.301 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 120.108321][ T6202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 120.118419][ T6202] Call Trace: [ 120.121788][ T6202] [ 120.124753][ T6202] dump_stack_lvl+0x241/0x360 [ 120.129482][ T6202] ? __pfx_dump_stack_lvl+0x10/0x10 [ 120.134725][ T6202] ? __pfx__printk+0x10/0x10 [ 120.139367][ T6202] ? __pfx___might_resched+0x10/0x10 [ 120.144708][ T6202] should_fail_ex+0x3b0/0x4e0 [ 120.149432][ T6202] ? sk_prot_alloc+0xe0/0x210 [ 120.154156][ T6202] should_failslab+0x9/0x20 [ 120.156421][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.158677][ T6202] __kmalloc_noprof+0xd8/0x400 [ 120.170068][ T6202] sk_prot_alloc+0xe0/0x210 [ 120.174617][ T6202] ? sk_alloc+0x26/0x370 [ 120.178919][ T6202] sk_alloc+0x38/0x370 [ 120.183046][ T6202] ? bpf_test_init+0x15a/0x180 [ 120.187860][ T6202] ? bpf_ctx_init+0x162/0x1b0 [ 120.192586][ T6202] bpf_prog_test_run_skb+0x3bd/0x1820 [ 120.198008][ T6202] ? __pfx_lock_release+0x10/0x10 [ 120.203116][ T6202] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 120.208979][ T6202] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 120.214826][ T6202] bpf_prog_test_run+0x33a/0x3b0 [ 120.219784][ T6202] __sys_bpf+0x48d/0x810 [ 120.224045][ T6202] ? __pfx___sys_bpf+0x10/0x10 [ 120.228832][ T6202] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 120.234830][ T6202] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 120.241174][ T6202] ? do_syscall_64+0x100/0x230 [ 120.245956][ T6202] __x64_sys_bpf+0x7c/0x90 [ 120.250381][ T6202] do_syscall_64+0xf3/0x230 [ 120.254896][ T6202] ? clear_bhb_loop+0x35/0x90 [ 120.259591][ T6202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.265503][ T6202] RIP: 0033:0x7f1962375b59 [ 120.269935][ T6202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.289583][ T6202] RSP: 002b:00007f196316b048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 120.298015][ T6202] RAX: ffffffffffffffda RBX: 00007f1962505f60 RCX: 00007f1962375b59 [ 120.306011][ T6202] RDX: 0000000000000050 RSI: 00000000200002c0 RDI: 000000000000000a [ 120.314010][ T6202] RBP: 00007f196316b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 120.321992][ T6202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.329968][ T6202] R13: 000000000000000b R14: 00007f1962505f60 R15: 00007ffe51432e78 [ 120.337967][ T6202] [ 120.398656][ T5158] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.405938][ T5158] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.469837][ T5158] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.477098][ T5158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.621541][ T5805] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 120.662499][ T5805] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 120.751580][ T1282] macvlan0: left allmulticast mode [ 120.756771][ T1282] veth1_vlan: left allmulticast mode [ 120.771555][ T1282] macvlan0: left promiscuous mode [ 120.777093][ T1282] bridge0: port 3(macvlan0) entered disabled state [ 120.803937][ T1282] bridge_slave_1: left allmulticast mode [ 120.809874][ T1282] bridge_slave_1: left promiscuous mode [ 120.835354][ T1282] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.854393][ T1282] bridge_slave_0: left allmulticast mode [ 120.860255][ T1282] bridge_slave_0: left promiscuous mode [ 120.873595][ T1282] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.420378][ T5110] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 121.438490][ T5110] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 121.454282][ T5110] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 121.463223][ T5110] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 121.475921][ T5110] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 121.486677][ T5110] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 121.647659][ T1282] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 121.663737][ T1282] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 121.697244][ T1282] bond0 (unregistering): Released all slaves [ 121.756029][ T5110] Bluetooth: hci1: command tx timeout [ 121.763762][ T6234] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present [ 121.775345][ T6234] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1) [ 122.237181][ T6268] netlink: 20 bytes leftover after parsing attributes in process `syz.2.312'. [ 122.617583][ T6180] chnl_net:caif_netlink_parms(): no params data found [ 122.807263][ T1282] hsr_slave_0: left promiscuous mode [ 122.836962][ T1282] hsr_slave_1: left promiscuous mode [ 122.860766][ T1282] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 122.868505][ T1282] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 122.904882][ T6301] dccp_invalid_packet: P.Data Offset(0) too small [ 122.933188][ T1282] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 122.959636][ T1282] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 123.013627][ T1282] veth1_macvtap: left promiscuous mode [ 123.019380][ T1282] veth0_macvtap: left promiscuous mode [ 123.040803][ T1282] veth1_vlan: left promiscuous mode [ 123.049122][ T1282] veth0_vlan: left promiscuous mode [ 123.324716][ T6317] netlink: 12 bytes leftover after parsing attributes in process `syz.0.319'. [ 123.589085][ T4497] Bluetooth: hci3: command tx timeout [ 123.821588][ T4497] Bluetooth: hci1: command tx timeout [ 123.991672][ T1282] team0 (unregistering): Port device team_slave_1 removed [ 124.035732][ T1282] team0 (unregistering): Port device team_slave_0 removed [ 124.732136][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 125.068957][ T6363] netlink: 'syz.2.325': attribute type 5 has an invalid length. [ 125.160853][ T6180] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.168055][ T6180] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.210211][ T6180] bridge_slave_0: entered allmulticast mode [ 125.238537][ T6180] bridge_slave_0: entered promiscuous mode [ 125.298619][ T6180] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.306671][ T6180] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.315061][ T6180] bridge_slave_1: entered allmulticast mode [ 125.324404][ T6180] bridge_slave_1: entered promiscuous mode [ 125.445688][ T6370] syzkaller0: entered promiscuous mode [ 125.451488][ T6370] syzkaller0: entered allmulticast mode [ 125.559774][ T52] syzkaller0: tun_net_xmit 48 [ 125.662161][ T4497] Bluetooth: hci3: command tx timeout [ 125.815597][ T6180] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 125.911352][ T4497] Bluetooth: hci1: command tx timeout [ 126.988474][ T6180] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 127.019845][ T6238] chnl_net:caif_netlink_parms(): no params data found [ 127.151719][ T6398] netlink: 8 bytes leftover after parsing attributes in process `syz.0.332'. [ 127.159143][ T6180] team0: Port device team_slave_0 added [ 127.169002][ T5805] veth0_vlan: entered promiscuous mode [ 127.275083][ T6180] team0: Port device team_slave_1 added [ 127.313224][ T6405] netlink: 12 bytes leftover after parsing attributes in process `syz.0.333'. [ 127.385698][ T5805] veth1_vlan: entered promiscuous mode [ 127.466270][ T6180] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 127.473668][ T6180] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 127.508705][ T6180] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 127.577028][ T1282] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.600955][ T6238] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.608279][ T6238] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.617415][ T6238] bridge_slave_0: entered allmulticast mode [ 127.668538][ T6238] bridge_slave_0: entered promiscuous mode [ 127.683102][ T6238] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.691757][ T6238] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.699063][ T6238] bridge_slave_1: entered allmulticast mode [ 127.727865][ T6238] bridge_slave_1: entered promiscuous mode [ 127.740773][ T4497] Bluetooth: hci3: command tx timeout [ 127.741037][ T6180] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 127.787130][ T6180] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 127.819055][ T6180] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 127.855569][ T1282] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.983611][ T4497] Bluetooth: hci1: command tx timeout [ 128.004735][ T1282] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.086509][ T6238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 128.118834][ T6238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 128.230260][ T1282] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.296349][ T6440] dccp_xmit_packet: Payload too large (65475) for featneg. [ 128.325961][ T6180] hsr_slave_0: entered promiscuous mode [ 128.342882][ T6180] hsr_slave_1: entered promiscuous mode [ 128.349503][ T6180] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 128.363918][ T6180] Cannot create hsr debugfs directory [ 128.398019][ T6238] team0: Port device team_slave_0 added [ 128.426749][ T6238] team0: Port device team_slave_1 added [ 128.567520][ T6238] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 128.591800][ T6238] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.626855][ T6238] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 128.688630][ T6238] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 128.707476][ T6238] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.734731][ T6238] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 128.746896][ T5805] veth0_macvtap: entered promiscuous mode [ 128.790381][ T1282] bridge_slave_1: left allmulticast mode [ 128.799598][ T1282] bridge_slave_1: left promiscuous mode [ 128.805625][ T1282] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.815894][ T1282] bridge_slave_0: left allmulticast mode [ 128.822021][ T1282] bridge_slave_0: left promiscuous mode [ 128.827914][ T1282] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.976664][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88805f21dc00: rx timeout, send abort [ 128.985739][ C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff88805f21dc00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 129.378283][ T1282] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 129.397404][ T1282] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 129.437939][ T1282] bond0 (unregistering): Released all slaves [ 129.475772][ T5805] veth1_macvtap: entered promiscuous mode [ 129.517615][ T6453] netlink: 'syz.0.344': attribute type 1 has an invalid length. [ 129.533151][ T6453] netlink: 'syz.0.344': attribute type 4 has an invalid length. [ 129.554004][ T6453] netlink: 15334 bytes leftover after parsing attributes in process `syz.0.344'. [ 129.687332][ T6468] netlink: 32 bytes leftover after parsing attributes in process `syz.2.349'. [ 129.760426][ T6238] hsr_slave_0: entered promiscuous mode [ 129.775496][ T6238] hsr_slave_1: entered promiscuous mode [ 129.786619][ T6238] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 129.800074][ T6238] Cannot create hsr debugfs directory [ 129.820782][ T4497] Bluetooth: hci3: command tx timeout [ 129.909633][ T5805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.929148][ T5805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.940072][ T5805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.950886][ T5805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.960792][ T5805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.971372][ T5805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.989523][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 129.999045][ T6475] netlink: 16 bytes leftover after parsing attributes in process `syz.0.352'. [ 130.147435][ T6480] netlink: 'syz.2.354': attribute type 21 has an invalid length. [ 130.236051][ T5805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.248500][ T5805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.258658][ T5805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.271175][ T5805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.281258][ T5805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.291914][ T5805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.316651][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 130.325560][ T6487] dccp_xmit_packet: Payload too large (65475) for featneg. [ 130.340275][ T5805] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.353033][ T5805] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.363751][ T5805] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.372893][ T5805] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.639184][ T6495] netlink: 8 bytes leftover after parsing attributes in process `syz.2.356'. [ 130.754497][ T1282] macvlan0: left promiscuous mode [ 130.778379][ T1282] batadv_slave_0: left promiscuous mode [ 130.817034][ T1282] hsr_slave_0: left promiscuous mode [ 130.845574][ T1282] hsr_slave_1: left promiscuous mode [ 130.852746][ T1282] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 130.861718][ T1282] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 130.870453][ T1282] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 130.878331][ T1282] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 130.910242][ T1282] veth1_macvtap: left promiscuous mode [ 130.917206][ T1282] veth0_macvtap: left promiscuous mode [ 130.927288][ T1282] veth1_vlan: left promiscuous mode [ 130.938758][ T1282] veth0_vlan: left promiscuous mode [ 131.486979][ T1282] team0 (unregistering): Port device team_slave_1 removed [ 131.528465][ T1282] team0 (unregistering): Port device team_slave_0 removed [ 131.964829][ T6502] netlink: 132 bytes leftover after parsing attributes in process `syz.2.357'. [ 132.162003][ T6512] netlink: 'syz.2.360': attribute type 10 has an invalid length. [ 132.264539][ T6512] 8021q: adding VLAN 0 to HW filter on device team0 [ 132.275091][ T6512] bond0: (slave team0): Enslaving as an active interface with an up link [ 132.316910][ T6514] netlink: 16 bytes leftover after parsing attributes in process `syz.2.360'. [ 132.329577][ T6512] netlink: 14 bytes leftover after parsing attributes in process `syz.2.360'. [ 132.474085][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.489915][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.609523][ T6180] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 132.699961][ T6180] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 132.757662][ T140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.785838][ T6536] dccp_invalid_packet: P.Data Offset(0) too small [ 132.790547][ T140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.858335][ T6180] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 132.891739][ T6180] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 132.904428][ T6532] netlink: 'syz.2.366': attribute type 2 has an invalid length. [ 132.914472][ T6532] netlink: 132 bytes leftover after parsing attributes in process `syz.2.366'. [ 132.928954][ T6538] netlink: 16 bytes leftover after parsing attributes in process `syz.2.366'. [ 133.151048][ T6547] netlink: 236 bytes leftover after parsing attributes in process `syz.2.368'. [ 133.187852][ T1245] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.195262][ T1245] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.655470][ T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.822480][ T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.885259][ T6180] 8021q: adding VLAN 0 to HW filter on device bond0 [ 133.969064][ T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.059023][ T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.301895][ T6180] 8021q: adding VLAN 0 to HW filter on device team0 [ 134.312161][ T5110] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 134.322516][ T5110] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 134.332678][ T5110] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 134.352852][ T6238] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 134.352903][ T5110] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 134.371016][ T5110] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 134.378621][ T5110] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 134.389796][ T6238] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 134.436572][ T6238] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 134.487098][ T6238] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 134.535750][ T5154] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.542996][ T5154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 134.730034][ T6589] netlink: 'syz.0.379': attribute type 11 has an invalid length. [ 134.797596][ T5154] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.804864][ T5154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 134.950396][ T6595] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 135.249478][ T35] bridge_slave_1: left allmulticast mode [ 135.260907][ T35] bridge_slave_1: left promiscuous mode [ 135.274833][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.295169][ T35] bridge_slave_0: left allmulticast mode [ 135.317252][ T35] bridge_slave_0: left promiscuous mode [ 135.330222][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.831272][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 135.859388][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 135.873973][ T35] bond0 (unregistering): Released all slaves [ 135.900278][ T6606] __nla_validate_parse: 3 callbacks suppressed [ 135.900296][ T6606] netlink: 4 bytes leftover after parsing attributes in process `syz.2.381'. [ 136.007345][ T6180] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 136.024236][ T6180] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 136.039931][ T6614] netlink: 4 bytes leftover after parsing attributes in process `syz.2.381'. [ 136.329406][ T6642] dccp_invalid_packet: P.Data Offset(0) too small [ 136.460717][ T5110] Bluetooth: hci4: command tx timeout [ 136.664729][ T6238] 8021q: adding VLAN 0 to HW filter on device bond0 [ 136.766936][ T35] hsr_slave_0: left promiscuous mode [ 136.795708][ T35] hsr_slave_1: left promiscuous mode [ 136.831430][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 136.851340][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 136.865054][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 136.875842][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 136.907174][ T35] veth1_macvtap: left promiscuous mode [ 136.919565][ T35] veth0_macvtap: left promiscuous mode [ 136.927199][ T35] veth1_vlan: left promiscuous mode [ 136.940505][ T35] veth0_vlan: left promiscuous mode [ 137.112674][ T6671] sctp: [Deprecated]: syz.2.388 (pid 6671) Use of int in maxseg socket option. [ 137.112674][ T6671] Use struct sctp_assoc_value instead [ 137.918638][ T35] team0 (unregistering): Port device team_slave_1 removed [ 137.956613][ T35] team0 (unregistering): Port device team_slave_0 removed [ 138.475930][ T6238] 8021q: adding VLAN 0 to HW filter on device team0 [ 138.540797][ T5110] Bluetooth: hci4: command tx timeout [ 138.594876][ T6180] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 138.650966][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.658211][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 138.710669][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.717887][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 138.881679][ T6574] chnl_net:caif_netlink_parms(): no params data found [ 139.040190][ T6238] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 139.073569][ T6710] netlink: 188 bytes leftover after parsing attributes in process `syz.2.399'. [ 139.083442][ T6238] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 139.094082][ T6710] netlink: 'syz.2.399': attribute type 1 has an invalid length. [ 139.135258][ T6710] netlink: 20 bytes leftover after parsing attributes in process `syz.2.399'. [ 139.258615][ T6180] veth0_vlan: entered promiscuous mode [ 139.332308][ T6721] netlink: 4 bytes leftover after parsing attributes in process `syz.2.401'. [ 139.493313][ T6574] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.527519][ T6574] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.554456][ T6574] bridge_slave_0: entered allmulticast mode [ 139.586890][ T6574] bridge_slave_0: entered promiscuous mode [ 139.603122][ T6180] veth1_vlan: entered promiscuous mode [ 139.647788][ T6574] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.672189][ T6574] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.679475][ T6574] bridge_slave_1: entered allmulticast mode [ 139.729367][ T6574] bridge_slave_1: entered promiscuous mode [ 139.848750][ T6574] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 139.915675][ T6238] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 139.948381][ T6574] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 140.154433][ T6574] team0: Port device team_slave_0 added [ 140.193308][ T6574] team0: Port device team_slave_1 added [ 140.274463][ T6180] veth0_macvtap: entered promiscuous mode [ 140.337310][ T6761] netlink: 24 bytes leftover after parsing attributes in process `syz.0.411'. [ 140.358337][ T6574] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 140.380530][ T6574] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 140.437544][ T6574] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 140.479296][ T6760] bond0: (slave bond_slave_0): Releasing backup interface [ 140.536196][ T6180] veth1_macvtap: entered promiscuous mode [ 140.580091][ T6574] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 140.606260][ T6574] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 140.632811][ T5110] Bluetooth: hci4: command tx timeout [ 140.697163][ T6574] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 140.850990][ T6777] netlink: 88 bytes leftover after parsing attributes in process `syz.0.416'. [ 140.859997][ T6777] netem: invalid attributes len -24 [ 140.874588][ T6777] netem: change failed [ 140.939505][ T6574] hsr_slave_0: entered promiscuous mode [ 140.992026][ T6574] hsr_slave_1: entered promiscuous mode [ 141.027067][ T6574] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 141.045527][ T6574] Cannot create hsr debugfs directory [ 141.157843][ T6180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 141.187452][ T6180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 141.204979][ T6180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 141.215966][ T6180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 141.229128][ T6180] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 141.326449][ T6238] veth0_vlan: entered promiscuous mode [ 141.349533][ T6238] veth1_vlan: entered promiscuous mode [ 141.388715][ T6180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 141.418974][ T6180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 141.438554][ T6180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 141.449756][ T6180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 141.462696][ T6180] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 141.477973][ T6180] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.489516][ T6180] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.499391][ T6180] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.520707][ T6180] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.727384][ T6807] netlink: 'syz.2.423': attribute type 3 has an invalid length. [ 141.732196][ T6238] veth0_macvtap: entered promiscuous mode [ 141.751493][ T6807] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.423'. [ 141.964742][ T6238] veth1_macvtap: entered promiscuous mode [ 142.061360][ T6815] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 142.178317][ T1282] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 142.197462][ T1282] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 142.274704][ T6238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.297059][ T6238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.312042][ T6238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.337403][ T6238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.364575][ T6238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.376798][ T6238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.403937][ T6238] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 142.558788][ T6831] netlink: 'syz.2.428': attribute type 15 has an invalid length. [ 142.583096][ T6238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.598580][ T6238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.617365][ T6238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.637460][ T6238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.649958][ T6238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.661342][ T6238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.673164][ T6238] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 142.693992][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 142.702114][ T5110] Bluetooth: hci4: command tx timeout [ 142.704734][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 142.779450][ T6238] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.794732][ T6238] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.803757][ T6238] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.812634][ T6238] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.000572][ T6840] FAULT_INJECTION: forcing a failure. [ 143.000572][ T6840] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 143.014993][ T6840] CPU: 1 PID: 6840 Comm: syz.1.289 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 143.024681][ T6840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 143.034772][ T6840] Call Trace: [ 143.038083][ T6840] [ 143.041048][ T6840] dump_stack_lvl+0x241/0x360 [ 143.045773][ T6840] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.051011][ T6840] ? __pfx__printk+0x10/0x10 [ 143.055648][ T6840] ? __pfx_lock_release+0x10/0x10 [ 143.060728][ T6840] should_fail_ex+0x3b0/0x4e0 [ 143.065462][ T6840] _copy_from_user+0x2f/0xe0 [ 143.070112][ T6840] copy_msghdr_from_user+0xae/0x680 [ 143.075364][ T6840] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 143.081250][ T6840] __sys_sendmsg+0x23d/0x3a0 [ 143.085877][ T6840] ? __pfx___sys_sendmsg+0x10/0x10 [ 143.091034][ T6840] ? vfs_write+0x7c4/0xc90 [ 143.095555][ T6840] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 143.101936][ T6840] ? do_syscall_64+0x100/0x230 [ 143.106753][ T6840] ? do_syscall_64+0xb6/0x230 [ 143.111478][ T6840] do_syscall_64+0xf3/0x230 [ 143.116020][ T6840] ? clear_bhb_loop+0x35/0x90 [ 143.120745][ T6840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.126683][ T6840] RIP: 0033:0x7ff183d75b59 [ 143.129493][ T6574] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 143.131131][ T6840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 143.131150][ T6840] RSP: 002b:00007ff1837ff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 143.131174][ T6840] RAX: ffffffffffffffda RBX: 00007ff183f05f60 RCX: 00007ff183d75b59 [ 143.131189][ T6840] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 143.181893][ T6840] RBP: 00007ff1837ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 143.189907][ T6840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 143.197937][ T6840] R13: 000000000000000b R14: 00007ff183f05f60 R15: 00007ffdfe2b64b8 [ 143.205975][ T6840] [ 143.238574][ T6574] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 143.292513][ T6574] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 143.353561][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.387276][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.410378][ T6574] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 143.572964][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.626679][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.955895][ T6867] can: request_module (can-proto-0) failed. [ 144.108874][ T6574] 8021q: adding VLAN 0 to HW filter on device bond0 [ 144.195669][ T6884] netlink: 'syz.4.442': attribute type 4 has an invalid length. [ 144.310036][ T6574] 8021q: adding VLAN 0 to HW filter on device team0 [ 144.378121][ T4881] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.385510][ T4881] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.497532][ T4881] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.504805][ T4881] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.556924][ T6897] netlink: 16 bytes leftover after parsing attributes in process `syz.0.440'. [ 144.787200][ T4497] Bluetooth: hci0: command 0x0401 tx timeout [ 144.794447][ T5110] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 145.534500][ T6574] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 145.691295][ T6929] netlink: 'syz.2.451': attribute type 3 has an invalid length. [ 145.826286][ T6574] veth0_vlan: entered promiscuous mode [ 145.927273][ T6574] veth1_vlan: entered promiscuous mode [ 146.056718][ T6574] veth0_macvtap: entered promiscuous mode [ 146.107185][ T6574] veth1_macvtap: entered promiscuous mode [ 146.225661][ T6574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.277399][ T6574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.319772][ T6574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.363421][ T6574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.416428][ T6574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.465433][ T6574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.485782][ T6574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.506591][ T6574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.533510][ T6574] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 146.565590][ T6991] bridge0: port 3(vlan2) entered blocking state [ 146.596788][ T6991] bridge0: port 3(vlan2) entered disabled state [ 146.622496][ T6991] vlan2: entered allmulticast mode [ 146.641766][ T6991] vlan2: left allmulticast mode [ 146.698344][ T6996] netlink: 48 bytes leftover after parsing attributes in process `syz.4.462'. [ 146.726407][ T6574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 146.800638][ T6574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.841762][ T6574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 146.887216][ T6574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.947467][ T6574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 146.996352][ T6574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.026668][ T6574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.080561][ T6574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.105268][ T6574] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 147.175928][ T6574] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.208260][ T6574] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.226549][ T6574] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.241527][ T4881] IPVS: starting estimator thread 0... [ 147.249983][ T6574] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.341861][ T7026] netlink: 'syz.1.471': attribute type 3 has an invalid length. [ 147.360800][ T7022] IPVS: using max 17 ests per chain, 40800 per kthread [ 147.431391][ T7026] netlink: 'syz.1.471': attribute type 3 has an invalid length. [ 147.874049][ T7049] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 148.002305][ T7049] xt_CT: No such helper "snmp" [ 148.030758][ T6970] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.038629][ T6970] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 148.128503][ T7055] netlink: 24 bytes leftover after parsing attributes in process `syz.0.479'. [ 148.153663][ T6946] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.195369][ T6946] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 148.355157][ T7061] ip6gretap0: entered promiscuous mode [ 148.382704][ T7061] macvtap1: entered allmulticast mode [ 148.397998][ T7061] ip6gretap0: entered allmulticast mode [ 148.414241][ T7061] ip6gretap0: left allmulticast mode [ 148.426552][ T7061] ip6gretap0: left promiscuous mode [ 148.488305][ T7066] netlink: 32 bytes leftover after parsing attributes in process `syz.0.482'. [ 148.563846][ C0] eth0: bad gso: type: 1, size: 1408 [ 148.827954][ T7086] netlink: 156 bytes leftover after parsing attributes in process `syz.0.491'. [ 148.854187][ T7086] netlink: 'syz.0.491': attribute type 2 has an invalid length. [ 148.883290][ T7094] netlink: 'syz.4.495': attribute type 21 has an invalid length. [ 148.890969][ T7086] netlink: 60 bytes leftover after parsing attributes in process `syz.0.491'. [ 148.969146][ T7089] netlink: 8 bytes leftover after parsing attributes in process `syz.2.493'. [ 149.059839][ T7103] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.497'. [ 149.089895][ T7106] netlink: 4 bytes leftover after parsing attributes in process `syz.1.499'. [ 149.113881][ T7103] openvswitch: netlink: VXLAN extension 1024 out of range max 1 [ 149.203479][ T6946] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.369307][ T6946] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.612606][ T6946] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.658640][ T6946] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.906253][ T7130] netlink: 'syz.2.503': attribute type 10 has an invalid length. [ 150.003738][ T7130] netlink: 40 bytes leftover after parsing attributes in process `syz.2.503'. [ 150.054600][ T7138] netlink: 76 bytes leftover after parsing attributes in process `syz.1.504'. [ 150.095962][ T7138] netlink: 20 bytes leftover after parsing attributes in process `syz.1.504'. [ 150.132773][ T6946] bridge_slave_1: left allmulticast mode [ 150.138498][ T6946] bridge_slave_1: left promiscuous mode [ 150.191775][ T6946] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.307686][ T6946] bridge_slave_0: left allmulticast mode [ 150.314206][ T6946] bridge_slave_0: left promiscuous mode [ 150.340947][ T6946] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.397274][ T5111] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 150.407088][ T5111] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 150.416636][ T5111] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 150.428320][ T5111] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 150.442514][ T5111] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 150.450905][ T5111] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 150.950796][ T5110] Bluetooth: hci3: command 0x0405 tx timeout [ 150.958858][ T6946] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 150.978169][ T6946] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 150.991084][ T6946] bond0 (unregistering): Released all slaves [ 151.075747][ T7158] veth0_macvtap: left promiscuous mode [ 151.475720][ T7181] netlink: 'syz.1.518': attribute type 10 has an invalid length. [ 151.590093][ T6946] hsr_slave_0: left promiscuous mode [ 151.617328][ T6946] hsr_slave_1: left promiscuous mode [ 151.649612][ T6946] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 151.682452][ T6946] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 151.720075][ T6946] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 151.749731][ T6946] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 151.801400][ T6946] veth1_macvtap: left promiscuous mode [ 151.810606][ T6946] veth0_macvtap: left promiscuous mode [ 151.826585][ T6946] veth1_vlan: left promiscuous mode [ 151.836706][ T6946] veth0_vlan: left promiscuous mode [ 152.552808][ T4497] Bluetooth: hci4: command tx timeout [ 152.601179][ T6946] team0 (unregistering): Port device team_slave_1 removed [ 152.645417][ T6946] team0 (unregistering): Port device team_slave_0 removed [ 153.116046][ T7225] gtp0: entered promiscuous mode [ 153.134353][ T7225] gtp0: entered allmulticast mode [ 153.268110][ T7236] __nla_validate_parse: 1 callbacks suppressed [ 153.268132][ T7236] netlink: 8 bytes leftover after parsing attributes in process `syz.4.536'. [ 153.380241][ T7235] netlink: 8 bytes leftover after parsing attributes in process `syz.1.534'. [ 153.517982][ T7147] chnl_net:caif_netlink_parms(): no params data found [ 153.529712][ T7246] netlink: 60 bytes leftover after parsing attributes in process `syz.4.539'. [ 153.678917][ T7255] netlink: zone id is out of range [ 153.689447][ T7255] netlink: get zone limit has 4 unknown bytes [ 153.803215][ T7147] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.816722][ T7147] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.830708][ T7147] bridge_slave_0: entered allmulticast mode [ 153.867822][ T7147] bridge_slave_0: entered promiscuous mode [ 153.905487][ T7147] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.920810][ T7147] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.937121][ T7147] bridge_slave_1: entered allmulticast mode [ 153.951956][ T7147] bridge_slave_1: entered promiscuous mode [ 154.070840][ T7147] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 154.097112][ T7147] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 154.124742][ T7277] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.550'. [ 154.178054][ T7273] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.550'. [ 154.249436][ T7147] team0: Port device team_slave_0 added [ 154.262812][ T7285] dccp_invalid_packet: P.Data Offset(0) too small [ 154.277103][ T7147] team0: Port device team_slave_1 added [ 154.415909][ T7147] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 154.423293][ T7147] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 154.458495][ T7147] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 154.472781][ T7290] netlink: 'syz.1.556': attribute type 10 has an invalid length. [ 154.515154][ T7290] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 154.542001][ T7147] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 154.563117][ T7147] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 154.628767][ T4497] Bluetooth: hci4: command tx timeout [ 154.666395][ T7147] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 154.759937][ T7147] hsr_slave_0: entered promiscuous mode [ 154.774776][ T7147] hsr_slave_1: entered promiscuous mode [ 154.786629][ T7311] netlink: 'syz.2.564': attribute type 96 has an invalid length. [ 154.803350][ T7147] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 154.832877][ T7147] Cannot create hsr debugfs directory [ 155.704745][ T7147] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 155.748402][ T7147] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 155.775119][ T7147] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 155.796517][ T7147] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 156.110300][ T7147] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.159828][ T7147] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.202372][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.209612][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.271674][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.278870][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.302518][ T7371] netlink: 20 bytes leftover after parsing attributes in process `syz.2.587'. [ 156.523305][ T7382] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 156.604461][ T7382] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 156.656037][ T7379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 156.677762][ T7400] veth0_virt_wifi: entered promiscuous mode [ 156.701202][ T4497] Bluetooth: hci4: command tx timeout [ 156.819283][ T7147] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 156.940311][ T7147] veth0_vlan: entered promiscuous mode [ 156.967937][ T7147] veth1_vlan: entered promiscuous mode [ 157.055746][ T7147] veth0_macvtap: entered promiscuous mode [ 157.078158][ T7147] veth1_macvtap: entered promiscuous mode [ 157.118293][ T7147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 157.140185][ T7147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.167713][ T7147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 157.185687][ T7147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.202397][ T7147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 157.218241][ T7147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.232290][ T7147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 157.243847][ T7147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.271759][ T7147] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 157.285445][ T7147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.300254][ T7147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.310876][ T7147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.322843][ T7147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.340918][ T7147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.368020][ T7147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.378238][ T7147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.389889][ T7147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.405985][ T7147] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 157.444315][ T7147] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.454695][ T7147] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.464045][ T7147] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.479625][ T7147] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.694770][ T1262] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.707357][ T1262] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.754559][ T1262] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.765529][ T1262] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 158.163300][ T7450] netlink: 12 bytes leftover after parsing attributes in process `syz.1.610'. [ 158.529630][ T7465] netlink: 191416 bytes leftover after parsing attributes in process `syz.1.613'. [ 158.593102][ T7468] netlink: 4 bytes leftover after parsing attributes in process `syz.2.616'. [ 159.055809][ T7496] dccp_invalid_packet: P.Data Offset(0) too small [ 159.678201][ T7525] netlink: 191416 bytes leftover after parsing attributes in process `syz.0.630'. [ 159.769309][ T7531] dccp_invalid_packet: P.Data Offset(0) too small [ 160.003525][ T7543] netlink: 'syz.4.643': attribute type 3 has an invalid length. [ 160.026961][ T7543] netlink: 130984 bytes leftover after parsing attributes in process `syz.4.643'. [ 160.276728][ T7556] (unnamed net_device) (uninitialized): option ad_user_port_key: invalid value (3849) [ 160.311352][ T7556] (unnamed net_device) (uninitialized): option ad_user_port_key: allowed values 0 - 1023 [ 160.347991][ T7562] netlink: 'syz.2.647': attribute type 10 has an invalid length. [ 160.360286][ T7564] Bluetooth: MGMT ver 1.23 [ 160.396535][ T7558] netlink: 40 bytes leftover after parsing attributes in process `syz.0.646'. [ 160.419138][ T7556] netlink: 8 bytes leftover after parsing attributes in process `syz.0.646'. [ 160.430005][ T7556] netlink: 8 bytes leftover after parsing attributes in process `syz.0.646'. [ 160.537023][ T1282] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.761526][ T7562] netlink: 16 bytes leftover after parsing attributes in process `syz.2.647'. [ 161.379565][ T7592] dccp_invalid_packet: P.Data Offset(0) too small [ 161.575923][ T7604] netlink: 'syz.1.653': attribute type 11 has an invalid length. [ 161.689983][ T7610] netlink: 12 bytes leftover after parsing attributes in process `syz.0.649'. [ 161.721078][ T7610] tipc: Started in network mode [ 161.726098][ T7610] tipc: Node identity 7a5ffcb180ca, cluster identity 4711 [ 161.761460][ T7610] tipc: Enabled bearer , priority 10 [ 161.893360][ T5110] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 161.907677][ T5110] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 161.926095][ T5110] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 161.942195][ T5110] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 161.961957][ T5110] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 161.969533][ T5110] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 162.142004][ T1282] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.198214][ T7628] A link change request failed with some changes committed already. Interface team_slave_1 may have been left with an inconsistent configuration, please check. [ 162.215259][ T7629] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 162.223136][ T7629] IPv6: NLM_F_CREATE should be set when creating new route [ 162.356560][ T1282] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.456401][ T7637] dccp_invalid_packet: P.Data Offset(0) too small [ 162.526685][ T1282] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.603474][ T7644] netlink: 4 bytes leftover after parsing attributes in process `syz.1.667'. [ 162.892500][ T5154] tipc: Node number set to 4204133553 [ 163.130837][ T1282] bridge_slave_1: left allmulticast mode [ 163.154480][ T1282] bridge_slave_1: left promiscuous mode [ 163.160349][ T1282] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.209939][ T1282] bridge_slave_0: left allmulticast mode [ 163.219594][ T1282] bridge_slave_0: left promiscuous mode [ 163.231167][ T1282] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.750740][ T1282] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 163.769993][ T1282] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 163.784022][ T1282] bond0 (unregistering): Released all slaves [ 163.835272][ T7676] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 163.863734][ T7680] netlink: 8 bytes leftover after parsing attributes in process `syz.1.677'. [ 164.051536][ T7692] dccp_invalid_packet: P.Data Offset(0) too small [ 164.061014][ T4497] Bluetooth: hci4: command tx timeout [ 164.090170][ T7693] netlink: 24 bytes leftover after parsing attributes in process `syz.4.682'. [ 164.166487][ T7619] chnl_net:caif_netlink_parms(): no params data found [ 164.353242][ T7705] FAULT_INJECTION: forcing a failure. [ 164.353242][ T7705] name failslab, interval 1, probability 0, space 0, times 0 [ 164.398998][ T7705] CPU: 1 PID: 7705 Comm: syz.4.686 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 164.408706][ T7705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 164.418772][ T7705] Call Trace: [ 164.422059][ T7705] [ 164.425001][ T7705] dump_stack_lvl+0x241/0x360 [ 164.429699][ T7705] ? __pfx_dump_stack_lvl+0x10/0x10 [ 164.434917][ T7705] ? __pfx__printk+0x10/0x10 [ 164.439528][ T7705] should_fail_ex+0x3b0/0x4e0 [ 164.444217][ T7705] ? __xdp_reg_mem_model+0x1e3/0x620 [ 164.449516][ T7705] should_failslab+0x9/0x20 [ 164.454042][ T7705] __kmalloc_cache_noprof+0x6c/0x2c0 [ 164.459344][ T7705] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 164.465342][ T7705] __xdp_reg_mem_model+0x1e3/0x620 [ 164.470469][ T7705] ? __pfx___xdp_reg_mem_model+0x10/0x10 [ 164.476113][ T7705] ? page_pool_list+0x232/0x280 [ 164.480992][ T7705] xdp_reg_mem_model+0x22/0x40 [ 164.485764][ T7705] bpf_test_run_xdp_live+0x31e/0x2110 [ 164.491196][ T7705] ? arch_stack_walk+0x16d/0x1b0 [ 164.496164][ T7705] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 164.501985][ T7705] ? mark_lock+0x9a/0x350 [ 164.506386][ T7705] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 164.512301][ T7705] ? __might_fault+0xaa/0x120 [ 164.516985][ T7705] ? __might_fault+0xc6/0x120 [ 164.521694][ T7705] ? _copy_from_user+0xa6/0xe0 [ 164.526475][ T7705] ? bpf_test_init+0x15a/0x180 [ 164.531250][ T7705] ? xdp_convert_md_to_buff+0x5b/0x330 [ 164.536728][ T7705] bpf_prog_test_run_xdp+0x80e/0x11b0 [ 164.542117][ T7705] ? __pfx_lock_release+0x10/0x10 [ 164.547164][ T7705] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 164.552989][ T7705] ? __fget_files+0x29/0x470 [ 164.557604][ T7705] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 164.563426][ T7705] bpf_prog_test_run+0x33a/0x3b0 [ 164.568383][ T7705] __sys_bpf+0x48d/0x810 [ 164.572637][ T7705] ? __pfx___sys_bpf+0x10/0x10 [ 164.577420][ T7705] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 164.583412][ T7705] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 164.589753][ T7705] ? do_syscall_64+0x100/0x230 [ 164.594544][ T7705] __x64_sys_bpf+0x7c/0x90 [ 164.598991][ T7705] do_syscall_64+0xf3/0x230 [ 164.603520][ T7705] ? clear_bhb_loop+0x35/0x90 [ 164.608216][ T7705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.614123][ T7705] RIP: 0033:0x7f3658d75b59 [ 164.618544][ T7705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.638152][ T7705] RSP: 002b:00007f3659a5e048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 164.646573][ T7705] RAX: ffffffffffffffda RBX: 00007f3658f05f60 RCX: 00007f3658d75b59 [ 164.654551][ T7705] RDX: 0000000000000069 RSI: 0000000020000500 RDI: 000000000000000a [ 164.662534][ T7705] RBP: 00007f3659a5e0a0 R08: 0000000000000000 R09: 0000000000000000 [ 164.670516][ T7705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 164.678503][ T7705] R13: 000000000000000b R14: 00007f3658f05f60 R15: 00007ffd7729f3e8 [ 164.686499][ T7705] [ 164.974144][ T7722] netlink: get zone limit has 4 unknown bytes [ 164.996872][ T1282] hsr_slave_0: left promiscuous mode [ 165.028691][ T1282] hsr_slave_1: left promiscuous mode [ 165.050463][ T1282] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 165.058166][ T1282] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 165.092418][ T1282] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 165.099898][ T1282] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 165.196201][ T1282] veth1_macvtap: left promiscuous mode [ 165.221976][ T1282] veth0_macvtap: left promiscuous mode [ 165.248027][ T1282] veth1_vlan: left promiscuous mode [ 165.254749][ T1282] veth0_vlan: left promiscuous mode [ 165.936145][ T1282] team0 (unregistering): Port device team_slave_1 removed [ 165.985721][ T1282] team0 (unregistering): Port device team_slave_0 removed [ 166.140684][ T4497] Bluetooth: hci4: command tx timeout [ 166.678604][ T7619] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.687920][ T7619] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.696312][ T7619] bridge_slave_0: entered allmulticast mode [ 166.705979][ T7619] bridge_slave_0: entered promiscuous mode [ 166.714764][ T7767] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.737267][ T7767] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.760057][ T7771] netlink: 4 bytes leftover after parsing attributes in process `syz.2.704'. [ 166.788918][ T7771] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check. [ 166.821353][ T7619] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.839812][ T7778] netlink: 4 bytes leftover after parsing attributes in process `syz.0.707'. [ 166.856051][ T7619] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.881580][ T7619] bridge_slave_1: entered allmulticast mode [ 166.910979][ T7619] bridge_slave_1: entered promiscuous mode [ 167.007374][ T7619] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.038717][ T7619] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.169303][ T7791] lo speed is unknown, defaulting to 1000 [ 167.203438][ T7619] team0: Port device team_slave_0 added [ 167.216615][ T7791] lo speed is unknown, defaulting to 1000 [ 167.233285][ T7619] team0: Port device team_slave_1 added [ 167.240399][ T7791] lo speed is unknown, defaulting to 1000 [ 167.311124][ T7791] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 167.363280][ T7619] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 167.368217][ T7791] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 167.383303][ T7619] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.437476][ T7619] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 167.466903][ T7619] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 167.488690][ T7619] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.515262][ T7619] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 167.534119][ T7791] lo speed is unknown, defaulting to 1000 [ 167.538242][ T7805] netlink: 188 bytes leftover after parsing attributes in process `syz.4.715'. [ 167.556033][ T7791] lo speed is unknown, defaulting to 1000 [ 167.616563][ T7791] lo speed is unknown, defaulting to 1000 [ 167.640084][ T7619] hsr_slave_0: entered promiscuous mode [ 167.655729][ T7619] hsr_slave_1: entered promiscuous mode [ 167.675624][ T7619] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 167.687807][ T7619] Cannot create hsr debugfs directory [ 167.697365][ T7791] lo speed is unknown, defaulting to 1000 [ 167.727540][ T7791] lo speed is unknown, defaulting to 1000 [ 167.912189][ T7815] netlink: 4 bytes leftover after parsing attributes in process `syz.1.718'. [ 167.925921][ T7815] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check. [ 168.078466][ T7826] dccp_invalid_packet: P.Data Offset(0) too small [ 168.112654][ T7821] netlink: 'syz.2.721': attribute type 10 has an invalid length. [ 168.221109][ T4497] Bluetooth: hci4: command tx timeout [ 168.229970][ T7828] netlink: 12 bytes leftover after parsing attributes in process `syz.1.722'. [ 168.299179][ T7838] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 168.589429][ T7856] FAULT_INJECTION: forcing a failure. [ 168.589429][ T7856] name failslab, interval 1, probability 0, space 0, times 0 [ 168.644968][ T7856] CPU: 1 PID: 7856 Comm: syz.2.731 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 168.654692][ T7856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 168.664787][ T7856] Call Trace: [ 168.668102][ T7856] [ 168.671068][ T7856] dump_stack_lvl+0x241/0x360 [ 168.675792][ T7856] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.681046][ T7856] ? __pfx__printk+0x10/0x10 [ 168.685692][ T7856] ? netlink_insert+0x10b7/0x14b0 [ 168.690773][ T7856] should_fail_ex+0x3b0/0x4e0 [ 168.695499][ T7856] ? __alloc_skb+0x1c3/0x440 [ 168.700154][ T7856] should_failslab+0x9/0x20 [ 168.704705][ T7856] kmem_cache_alloc_node_noprof+0x71/0x320 [ 168.710567][ T7856] __alloc_skb+0x1c3/0x440 [ 168.715049][ T7856] ? __pfx___alloc_skb+0x10/0x10 [ 168.720052][ T7856] ? netlink_autobind+0xd6/0x2f0 [ 168.725058][ T7856] ? netlink_autobind+0x2b0/0x2f0 [ 168.730138][ T7856] netlink_sendmsg+0x638/0xcb0 [ 168.734963][ T7856] ? __pfx_netlink_sendmsg+0x10/0x10 [ 168.740307][ T7856] ? __import_iovec+0x536/0x820 [ 168.743693][ T7619] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 168.745185][ T7856] ? aa_sock_msg_perm+0x91/0x160 [ 168.756856][ T7856] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 168.762190][ T7856] ? security_socket_sendmsg+0x87/0xb0 [ 168.767709][ T7856] ? __pfx_netlink_sendmsg+0x10/0x10 [ 168.773047][ T7856] __sock_sendmsg+0x221/0x270 [ 168.777774][ T7856] ____sys_sendmsg+0x525/0x7d0 [ 168.782604][ T7856] ? __pfx_____sys_sendmsg+0x10/0x10 [ 168.787965][ T7856] __sys_sendmsg+0x2b0/0x3a0 [ 168.792615][ T7856] ? __pfx___sys_sendmsg+0x10/0x10 [ 168.797776][ T7856] ? vfs_write+0x7c4/0xc90 [ 168.802280][ T7856] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 168.808659][ T7856] ? do_syscall_64+0x100/0x230 [ 168.813483][ T7856] ? do_syscall_64+0xb6/0x230 [ 168.818243][ T7856] do_syscall_64+0xf3/0x230 [ 168.822797][ T7856] ? clear_bhb_loop+0x35/0x90 [ 168.827534][ T7856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.833477][ T7856] RIP: 0033:0x7f1962375b59 [ 168.837936][ T7856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.857585][ T7856] RSP: 002b:00007f196316b048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 168.866051][ T7856] RAX: ffffffffffffffda RBX: 00007f1962505f60 RCX: 00007f1962375b59 [ 168.874065][ T7856] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 168.882099][ T7856] RBP: 00007f196316b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 168.890120][ T7856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 168.898136][ T7856] R13: 000000000000000b R14: 00007f1962505f60 R15: 00007ffe51432e78 [ 168.906167][ T7856] [ 168.915659][ T7619] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 168.994612][ T7619] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 169.049583][ T7619] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 169.255313][ T7887] bond_slave_0: entered promiscuous mode [ 169.261431][ T7887] bond_slave_1: entered promiscuous mode [ 169.271163][ T7887] vlan2: entered promiscuous mode [ 169.284386][ T7887] bond0: entered promiscuous mode [ 169.295157][ T7887] bond0: left promiscuous mode [ 169.301096][ T7887] bond_slave_0: left promiscuous mode [ 169.306690][ T7887] bond_slave_1: left promiscuous mode [ 169.447495][ T7896] ipip0: entered promiscuous mode [ 169.459784][ T7899] netlink: 'syz.1.746': attribute type 4 has an invalid length. [ 169.560238][ T7619] 8021q: adding VLAN 0 to HW filter on device bond0 [ 169.631277][ T7619] 8021q: adding VLAN 0 to HW filter on device team0 [ 169.657159][ T5154] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.664425][ T5154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 169.708918][ T5154] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.716212][ T5154] bridge0: port 2(bridge_slave_1) entered forwarding state Connection to 10.128.1.43 closed by remote host. [ 170.301685][ T5110] Bluetooth: hci0: command 0x0401 tx timeout [ 170.308568][ T4497] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 170.348595][ T7905] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 170.388678][ T5101] ------------[ cut here ]------------ [ 170.394705][ T5101] ODEBUG: free active (active state 0) object: ffff88807dd54978 object type: timer_list hint: hci_cmd_timeout+0x0/0x1e0 [ 170.421247][ T5101] WARNING: CPU: 0 PID: 5101 at lib/debugobjects.c:518 debug_print_object+0x17a/0x1f0 [ 170.430974][ T5101] Modules linked in: [ 170.434909][ T5101] CPU: 0 PID: 5101 Comm: syz-executor Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 170.444987][ T5101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 170.455237][ T5101] RIP: 0010:debug_print_object+0x17a/0x1f0 [ 170.461407][ T5101] Code: e8 1b 7f 42 fd 4c 8b 0b 48 c7 c7 c0 72 20 8c 48 8b 74 24 08 48 89 ea 44 89 e1 4d 89 f8 ff 34 24 e8 db 5b 9e fc 48 83 c4 08 90 <0f> 0b 90 90 ff 05 fc 35 f8 0a 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 [ 170.481207][ T5101] RSP: 0018:ffffc900036cf838 EFLAGS: 00010282 [ 170.488033][ T5101] RAX: 2eb135633fc17900 RBX: ffffffff8bccb720 RCX: ffff888027205a00 [ 170.496800][ T5101] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 170.504911][ T5101] RBP: ffffffff8c207440 R08: ffffffff815565a2 R09: fffffbfff1c39f60 [ 170.513031][ T5101] R10: dffffc0000000000 R11: fffffbfff1c39f60 R12: 0000000000000000 [ 170.521135][ T5101] R13: ffffffff8c207358 R14: dffffc0000000000 R15: ffff88807dd54978 [ 170.529164][ T5101] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 170.538201][ T5101] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 170.545022][ T5101] CR2: 00007ff184a356b8 CR3: 000000000e134000 CR4: 00000000003506f0 [ 170.553101][ T5101] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 170.561204][ T5101] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 170.569215][ T5101] Call Trace: [ 170.572597][ T5101] [ 170.575562][ T5101] ? __warn+0x163/0x4e0 [ 170.579807][ T5101] ? debug_print_object+0x17a/0x1f0 [ 170.585139][ T5101] ? report_bug+0x2b3/0x500 [ 170.590247][ T5101] ? debug_print_object+0x17a/0x1f0 [ 170.595988][ T5101] ? handle_bug+0x3e/0x70 [ 170.600368][ T5101] ? exc_invalid_op+0x1a/0x50 [ 170.605198][ T5101] ? asm_exc_invalid_op+0x1a/0x20 [ 170.610272][ T5101] ? __warn_printk+0x292/0x360 [ 170.615168][ T5101] ? debug_print_object+0x17a/0x1f0 [ 170.620414][ T5101] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 170.625916][ T5101] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 170.631325][ T5101] debug_check_no_obj_freed+0x45b/0x580 [ 170.636929][ T5101] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 170.643146][ T5101] ? lockdep_hardirqs_on+0x99/0x150 [ 170.648437][ T5101] ? hci_release_dev+0x1525/0x16b0 [ 170.653654][ T5101] kfree+0x10f/0x360 [ 170.657588][ T5101] hci_release_dev+0x1525/0x16b0 [ 170.662629][ T5101] ? devres_release_all+0x1eb/0x250 [ 170.667863][ T5101] ? device_release+0x66/0x1c0 [ 170.672729][ T5101] ? __pfx_hci_release_dev+0x10/0x10 [ 170.678039][ T5101] ? device_release+0x66/0x1c0 [ 170.682877][ T5101] ? rcu_is_watching+0x15/0xb0 [ 170.687656][ T5101] ? device_release+0x66/0x1c0 [ 170.693049][ T5101] bt_host_release+0x83/0x90 [ 170.698084][ T5101] ? __pfx_bt_host_release+0x10/0x10 [ 170.703658][ T5101] device_release+0x99/0x1c0 [ 170.708260][ T5101] kobject_put+0x22f/0x480 [ 170.712970][ T5101] vhci_release+0x8b/0xd0 [ 170.717345][ T5101] ? __pfx_vhci_release+0x10/0x10 [ 170.722493][ T5101] __fput+0x24a/0x8a0 [ 170.726678][ T5101] task_work_run+0x24f/0x310 [ 170.731378][ T5101] ? __pfx_task_work_run+0x10/0x10 [ 170.736523][ T5101] ? do_exit+0xa2a/0x27f0 [ 170.740990][ T5101] ? kmem_cache_free+0x145/0x350 [ 170.745975][ T5101] do_exit+0xa2f/0x27f0 [ 170.750158][ T5101] ? __pfx_do_exit+0x10/0x10 [ 170.754852][ T5101] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 170.760926][ T5101] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 170.767301][ T5101] ? _raw_spin_unlock_irq+0x23/0x50 [ 170.772627][ T5101] ? lockdep_hardirqs_on+0x99/0x150 [ 170.777883][ T5101] do_group_exit+0x207/0x2c0 [ 170.782615][ T5101] __x64_sys_exit_group+0x3f/0x40 [ 170.787655][ T5101] x64_sys_call+0x26c3/0x26d0 [ 170.792474][ T5101] do_syscall_64+0xf3/0x230 [ 170.797393][ T5101] ? clear_bhb_loop+0x35/0x90 [ 170.802654][ T5101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.808590][ T5101] RIP: 0033:0x7fd207375b59 [ 170.813090][ T5101] Code: Unable to access opcode bytes at 0x7fd207375b2f. [ 170.820124][ T5101] RSP: 002b:00007fffd6b51708 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 170.828638][ T5101] RAX: ffffffffffffffda RBX: 00007fd2073e4a82 RCX: 00007fd207375b59 [ 170.836676][ T5101] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 170.844713][ T5101] RBP: 00007fd2073e4a94 R08: 00007fffd6b4f4a7 R09: 0000000000000bb8 [ 170.852767][ T5101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 170.860855][ T5101] R13: 0000000000000bb8 R14: 00000000000296a4 R15: 0000000000029668 [ 170.868887][ T5101] [ 170.872021][ T5101] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 170.879313][ T5101] CPU: 0 PID: 5101 Comm: syz-executor Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 170.889207][ T5101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 170.899270][ T5101] Call Trace: [ 170.902578][ T5101] [ 170.905509][ T5101] dump_stack_lvl+0x241/0x360 [ 170.910194][ T5101] ? __pfx_dump_stack_lvl+0x10/0x10 [ 170.915397][ T5101] ? __pfx__printk+0x10/0x10 [ 170.920010][ T5101] ? _printk+0xd5/0x120 [ 170.924196][ T5101] ? vscnprintf+0x5d/0x90 [ 170.928550][ T5101] panic+0x349/0x860 [ 170.932478][ T5101] ? __warn+0x172/0x4e0 [ 170.936667][ T5101] ? __pfx_panic+0x10/0x10 [ 170.941135][ T5101] ? show_trace_log_lvl+0x4e6/0x520 [ 170.946476][ T5101] __warn+0x346/0x4e0 [ 170.950460][ T5101] ? debug_print_object+0x17a/0x1f0 [ 170.955674][ T5101] report_bug+0x2b3/0x500 [ 170.960008][ T5101] ? debug_print_object+0x17a/0x1f0 [ 170.965213][ T5101] handle_bug+0x3e/0x70 [ 170.969407][ T5101] exc_invalid_op+0x1a/0x50 [ 170.973925][ T5101] asm_exc_invalid_op+0x1a/0x20 [ 170.978794][ T5101] RIP: 0010:debug_print_object+0x17a/0x1f0 [ 170.984621][ T5101] Code: e8 1b 7f 42 fd 4c 8b 0b 48 c7 c7 c0 72 20 8c 48 8b 74 24 08 48 89 ea 44 89 e1 4d 89 f8 ff 34 24 e8 db 5b 9e fc 48 83 c4 08 90 <0f> 0b 90 90 ff 05 fc 35 f8 0a 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 [ 171.004247][ T5101] RSP: 0018:ffffc900036cf838 EFLAGS: 00010282 [ 171.010330][ T5101] RAX: 2eb135633fc17900 RBX: ffffffff8bccb720 RCX: ffff888027205a00 [ 171.018310][ T5101] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 171.026288][ T5101] RBP: ffffffff8c207440 R08: ffffffff815565a2 R09: fffffbfff1c39f60 [ 171.034273][ T5101] R10: dffffc0000000000 R11: fffffbfff1c39f60 R12: 0000000000000000 [ 171.042256][ T5101] R13: ffffffff8c207358 R14: dffffc0000000000 R15: ffff88807dd54978 [ 171.050243][ T5101] ? __warn_printk+0x292/0x360 [ 171.055030][ T5101] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 171.060333][ T5101] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 171.065639][ T5101] debug_check_no_obj_freed+0x45b/0x580 [ 171.071211][ T5101] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 171.077292][ T5101] ? lockdep_hardirqs_on+0x99/0x150 [ 171.082504][ T5101] ? hci_release_dev+0x1525/0x16b0 [ 171.087625][ T5101] kfree+0x10f/0x360 [ 171.091536][ T5101] hci_release_dev+0x1525/0x16b0 [ 171.096487][ T5101] ? devres_release_all+0x1eb/0x250 [ 171.101709][ T5101] ? device_release+0x66/0x1c0 [ 171.106498][ T5101] ? __pfx_hci_release_dev+0x10/0x10 [ 171.111794][ T5101] ? device_release+0x66/0x1c0 [ 171.116567][ T5101] ? rcu_is_watching+0x15/0xb0 [ 171.121352][ T5101] ? device_release+0x66/0x1c0 [ 171.126128][ T5101] bt_host_release+0x83/0x90 [ 171.130741][ T5101] ? __pfx_bt_host_release+0x10/0x10 [ 171.136051][ T5101] device_release+0x99/0x1c0 [ 171.140654][ T5101] kobject_put+0x22f/0x480 [ 171.145089][ T5101] vhci_release+0x8b/0xd0 [ 171.149433][ T5101] ? __pfx_vhci_release+0x10/0x10 [ 171.154475][ T5101] __fput+0x24a/0x8a0 [ 171.158503][ T5101] task_work_run+0x24f/0x310 [ 171.163113][ T5101] ? __pfx_task_work_run+0x10/0x10 [ 171.168231][ T5101] ? do_exit+0xa2a/0x27f0 [ 171.172575][ T5101] ? kmem_cache_free+0x145/0x350 [ 171.177546][ T5101] do_exit+0xa2f/0x27f0 [ 171.181731][ T5101] ? __pfx_do_exit+0x10/0x10 [ 171.186335][ T5101] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 171.192336][ T5101] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 171.198685][ T5101] ? _raw_spin_unlock_irq+0x23/0x50 [ 171.203908][ T5101] ? lockdep_hardirqs_on+0x99/0x150 [ 171.209130][ T5101] do_group_exit+0x207/0x2c0 [ 171.213750][ T5101] __x64_sys_exit_group+0x3f/0x40 [ 171.218879][ T5101] x64_sys_call+0x26c3/0x26d0 [ 171.223574][ T5101] do_syscall_64+0xf3/0x230 [ 171.228094][ T5101] ? clear_bhb_loop+0x35/0x90 [ 171.232801][ T5101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.238717][ T5101] RIP: 0033:0x7fd207375b59 [ 171.243144][ T5101] Code: Unable to access opcode bytes at 0x7fd207375b2f. [ 171.250164][ T5101] RSP: 002b:00007fffd6b51708 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 171.258590][ T5101] RAX: ffffffffffffffda RBX: 00007fd2073e4a82 RCX: 00007fd207375b59 [ 171.266575][ T5101] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 171.274603][ T5101] RBP: 00007fd2073e4a94 R08: 00007fffd6b4f4a7 R09: 0000000000000bb8 [ 171.282777][ T5101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 171.290773][ T5101] R13: 0000000000000bb8 R14: 00000000000296a4 R15: 0000000000029668 [ 171.298780][ T5101] [ 171.302164][ T5101] Kernel Offset: disabled [ 171.306515][ T5101] Rebooting in 86400 seconds..